2219512 – (CVE-2023-37378) CVE-2023-37378 nsis: mishandles access control for an uninstaller directory

Bug 2219512 (CVE-2023-37378) - CVE-2023-37378 nsis: mishandles access control for an uninstaller directory

Summary: CVE-2023-37378 nsis: mishandles access control for an uninstaller directory

Keywords:
Status:	CLOSED UPSTREAM
Alias:	CVE-2023-37378
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2219513
Blocks:
TreeView+	depends on / blocked

Reported:	2023-07-04 06:14 UTC by TEJ RATHI
Modified:	2023-07-04 11:01 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-07-04 11:01:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-07-04 06:14:13 UTC

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.

https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967
https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09
https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467
https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0
http://sf.net/p/nsis/bugs/1296

Comment 1 TEJ RATHI 2023-07-04 06:14:33 UTC

Created mingw-nsis tracking bugs for this issue:

Affects: fedora-all [bug 2219513]

Comment 2 Product Security DevOps Team 2023-07-04 11:01:09 UTC

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Note You need to log in before you can comment on or make changes to this bug.