According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability requires the victim to perform a specific file management operation to trigger the vulnerability. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe.
Anonymous, <a href="https://github.com/tmds/">Tom Deseyn</a> with Red Hat