Unrated severityNVD Advisory· Published Feb 21, 2024· Updated Aug 26, 2024
CVE-2023-7235
CVE-2023-7235
Description
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
Affected products
14- osv-coords12 versionspkg:apk/chainguard/openvpnpkg:apk/chainguard/openvpn-auth-pampkg:apk/chainguard/openvpn-devpkg:apk/chainguard/openvpn-docpkg:apk/chainguard/openvpn-openrcpkg:apk/chainguard/openvpn-supervisorpkg:apk/wolfi/openvpnpkg:apk/wolfi/openvpn-auth-pampkg:apk/wolfi/openvpn-devpkg:apk/wolfi/openvpn-docpkg:apk/wolfi/openvpn-openrcpkg:apk/wolfi/openvpn-supervisor
< 2.6.9-r0+ 11 more
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
- (no CPE)range: < 2.6.9-r0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.