WrapEarnPass left a comment (geany/geany#4611)

I estimate this as

CVSS Base Score:     6.7
Impact Subscore:     5.9
Exploitability Subscore:  0.8
CVSS Temporal Score:  6.1
CVSS Environmental Score:  6.1
Modified Impact Subscore:  5.9
Overall CVSS Score:  6.1 

CVSS 3.1 Vector
[AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R/CR:H/IR:H/AR:H/MAV:L/MAC:H/MPR:L/MUI:R/MS:U/MC:H/MI:H/MA:H](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R/CR:H/IR:H/AR:H/MAV:L/MAC:H/MPR:L/MUI:R/MS:U/MC:H/MI:H/MA:H&version=3.1)

CIA impact as HIGH because if the exploit is triggered by the user, the command 
in backticks could do anything from execute, to exfiltrate.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/issues/4611#issuecomment-4845963064
You are receiving this because you are subscribed to this thread.

Message ID: <geany/geany/issues/4611/[email protected]>

Reply via email to