Cyber Resilience

CVE-2023-52076

High · Public PoC

Published: 25 January 2024

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L)
EPSS Score: 0.1371 (94.4th percentile)
Risk Priority: 25 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-52076 is a high-severity Path Traversal (CWE-22) vulnerability in Mate-Desktop Atril. Its CVSS base score is 8.5 (High).

Operationally, it ranks in the top 5.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Atril Document Viewer, the default document reader in the MATE desktop environment for Linux, is affected by a path traversal and arbitrary file write vulnerability in all versions prior to 1.26.2. The flaw, tracked under CWE-22 and related categories, permits writing arbitrary files to any location on the filesystem accessible to the user who opens a malicious document, with the sole restriction that existing files cannot be overwritten.

An attacker can exploit the issue by supplying a crafted document that a victim opens locally, requiring no special privileges beyond normal user access. Successful exploitation yields arbitrary file creation that can be leveraged to achieve remote command execution on the target system despite the inability to overwrite files.

The official GitHub security advisory and release notes for Atril 1.26.2, along with the corresponding Debian LTS advisory, direct users to apply the patch available in version 1.26.2; the fix is implemented in commit e70b21c815418a1e6ebedf6d8d31b8477c03ba50. No material change in EPSS has occurred since disclosure.

EU & UK References

Vulnerability details

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mate-desktop
atril
≤ 1.26.2

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References