javascriptcoregtk4.0-devel-debuginfo 安全漏洞 (CVE-2023-3243)

admin

0
文章

0
评论

2023-11-29 22:55:18 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

javascriptcoregtk4.0-devel-debuginfo 安全漏洞 (CVE-2023-3243)

CVE编号

CVE-2023-3243

利用情况

暂无

补丁情况

N/A

披露时间

2023-06-29

漏洞描述

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://www.honeywell.com/us/en/product-security

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	amazon_2	webkitgtk4	*		Up to (excluding) 2.38.5-3.amzn2.0.2
	运行在以下环境
	系统	anolis_os_8	webkit2gtk3	*		Up to (excluding) 2.38.5-1.0.1
	运行在以下环境
	系统	centos_8	webkit2gtk3-debuginfo	*		Up to (excluding) 2.38.5-1.el8_8.5
	运行在以下环境
	系统	fedora_37	webkitgtk6.0-doc	*		Up to (excluding) 2.40.3-1.fc37
	运行在以下环境
	系统	fedora_38	webkitgtk6.0-doc	*		Up to (excluding) 2.40.3-1.fc38
	运行在以下环境
	系统	honeywell	alerton_bcm-web_firmware	-	-
	运行在以下环境
	系统	opensuse_Leap_15.4	webkitgtk-6_0-injected-bundles	*		Up to (excluding) 2.40.5-150400.4.45.3
	运行在以下环境
	系统	opensuse_Leap_15.5	webkitgtk-6_0-injected-bundles	*		Up to (excluding) 2.40.5-150400.4.45.3
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 2.38.5-1.el8_8.5
	运行在以下环境
	系统	oracle_9	oraclelinux-release	*		Up to (excluding) 2.38.5-1.el9_2.3
	运行在以下环境
	系统	redhat_8	webkit2gtk3-debuginfo	*		Up to (excluding) 2.38.5-1.el8_8.5
	运行在以下环境
	系统	redhat_9	webkit2gtk3	*		Up to (excluding) 2.38.5-1.el9_2.3
	运行在以下环境
	系统	suse_12_SP5	libjavascriptcoregtk-4_0	*		Up to (excluding) 37-2.40.5-2.146.1
	运行在以下环境
	硬件	honeywell	alerton_bcm-web	-	-