
2 vulnerabilities found for simgear by flightgear

CVE-2025-0781 (GCVE-0-2025-0781)

Vulnerability from nvd – Published: 2025-01-28 16:34 – Updated: 2025-02-12 20:01
Title
Incorrect Authorization in SimGear
Summary
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
FlightGear SimGear Affected: from 0 up to and including 2020.3.19 (semver)
Credits
Florent Rougon

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-29T22:02:34.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T17:02:59.957883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:01:11.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SimGear",
          "vendor": "FlightGear",
          "versions": [
            {
              "lessThanOrEqual": "2020.3.19",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Florent Rougon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:34:21.881Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8"
        },
        {
          "url": "https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358"
        },
        {
          "name": "GitLab Issue #3025",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/flightgear/flightgear/-/issues/3025"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FlightGear version 2020.3.20 or 2024.1.1."
        }
      ],
      "title": "Incorrect Authorization in SimGear"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-0781",
    "datePublished": "2025-01-28T16:34:21.881Z",
    "dateReserved": "2025-01-28T13:04:32.712Z",
    "dateUpdated": "2025-02-12T20:01:11.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0781 (GCVE-0-2025-0781)

Vulnerability from cvelistv5 – Published: 2025-01-28 16:34 – Updated: 2025-02-12 20:01
Title
Incorrect Authorization in SimGear
Summary
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
FlightGear SimGear Affected: from 0 up to and including 2020.3.19 (semver)
Credits
Florent Rougon

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-29T22:02:34.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T17:02:59.957883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:01:11.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SimGear",
          "vendor": "FlightGear",
          "versions": [
            {
              "lessThanOrEqual": "2020.3.19",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Florent Rougon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:34:21.881Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8"
        },
        {
          "url": "https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358"
        },
        {
          "name": "GitLab Issue #3025",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/flightgear/flightgear/-/issues/3025"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FlightGear version 2020.3.20 or 2024.1.1."
        }
      ],
      "title": "Incorrect Authorization in SimGear"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-0781",
    "datePublished": "2025-01-28T16:34:21.881Z",
    "dateReserved": "2025-01-28T13:04:32.712Z",
    "dateUpdated": "2025-02-12T20:01:11.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}