CVE-2023-36250

Published: 14/09/2023 Updated: 19/09/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A CSV injection vulnerability in GNOME time tracker version 3.0.2 allows local malicious users to execute arbitrary code via a crafted .tsv file when creating a new record.

Vulnerable Product

gnome gnome-time tracker 3.0.2

Vendor Advisories

Debian Bug report logs - #1059296
hamster-time-tracker: CVE-2023-36250
Package: src:hamster-time-tracker
Maintainer for src:hamster-time-tracker is Project Hamster Team <team+project-hamster@tracker.debian.org>
Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 22 Dec 2023 12:48:02 UTC
Severity: important ...

Github Repositories

CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record
Vulnerability Type: CSV Injection
Discoverer: Bruno Teixeira
Reference: gnome.com
Affected Product Code Base: GNOME time tracker v3.0.2
PoC: Creating a new record using a formula (=3+3) in the cmdlin