CVE-2023-6336 - OpenCVE

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Macos
Hypr	Workforce Access

Configuration 1 [-]

AND

cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.hypr.com/security-advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HYPR

Published: 2024-01-16T19:42:09.035Z

Updated: 2024-01-16T19:42:09.035Z

Reserved: 2023-11-27T18:05:05.008Z

Link: CVE-2023-6336

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-16T20:15:45.667

Modified: 2024-01-23T16:25:34.050

Link: CVE-2023-6336

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*", "matchCriteriaId": "83E3E9E9-12B1-41CE-B254-894EDCC79B3F", "versionEndExcluding": "8.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de resoluci\u00f3n de enlace incorrecta antes del acceso al archivo (\"Link Following\") en HYPR Workforce Access en MacOS permite el nombre de archivo controlado por el usuario. Este problema afecta a Workforce Access: antes de 8.7."}], "id": "CVE-2023-6336", "lastModified": "2024-01-23T16:25:34.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.8, "source": "security@hypr.com", "type": "Secondary"}]}, "published": "2024-01-16T20:15:45.667", "references": [{"source": "security@hypr.com", "tags": ["Vendor Advisory"], "url": "https://www.hypr.com/security-advisories"}], "sourceIdentifier": "security@hypr.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "security@hypr.com", "type": "Secondary"}]}