GNOME Maps Vulnerable to Code Injection Attack via Service Configuration File
CVE-2023-43091

Currently unrated

Key Information:

Vendor: GNOME
Vendor: CVE Published:; 17 November 2024

Summary

A security flaw exists within GNOME Maps that allows for code injection via the service.json configuration file. If an attacker successfully manipulates this file, they can execute arbitrary code on the affected system, potentially leading to unauthorized access and system compromise. This vulnerability highlights the importance of securing application configuration files to prevent exploitation by malicious actors.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2239091

https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd7...

https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588

Timeline

Vulnerability published
Nov 17, 2024