{"id":"CVE-2023-32190","details":"mlocate's %post script allows the RUN_UPDATEDB_AS user to make arbitrary files world-readable by abusing insecure file operations that run with root privileges.","modified":"2026-02-04T03:07:00.299398Z","published":"2024-10-16T12:15:07Z","withdrawn":"2024-11-01T12:50:09.007755Z","related":["openSUSE-SU-2024:13622-1"],"references":[{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32190"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2023-32190"}],"affected":[{"package":{"name":"mlocate","ecosystem":"Debian:11","purl":"pkg:deb/debian/mlocate?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.26-5"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32190.json"}}],"schema_version":"1.7.3"}