ISN 2024-09: Xdg-open “Open With” Vulnerability
First published 15 May 2024
CVSS 3.1: 7.8 (high)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in the Xdg-open utility used in IGEL OS. This affects the following IGEL products:
- IGEL OS 12
- IGEL OS 11
Details
A security vulnerability has been discovered in the Xdg-open utility (“Open with …”) in the context of IGEL OS. It can be used by a local attacker to execute arbitrary commands. This issue is rated as high.
IGEL has patched Xdg-open to remediate this issue, which specifically occurs in the IGEL OS Desktop context.
Update Instructions
- OS 12: Update to the OS 12 base system version 12.3.2 or newer.
- OS 11: Update to IGEL OS version 11.10.100.