Vulnerabilities > CVE-2023-29465 - Unspecified vulnerability in Sagemath Flintqs 1.0

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

sagemath

NVD

Published: 2023-04-06

Updated: 2024-11-21

Summary

SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).

Vulnerable Configurations

Part	Description	Count
Application	Sagemath Sagemath Flintqs 1.0	1

References

https://github.com/sagemath/FlintQS/issues/3
https://github.com/sagemath/sage/pull/35419
https://github.com/sagemath/FlintQS/issues/3
https://github.com/sagemath/sage/pull/35419