CVE-2023-28371

9.8 CRITICAL

📋 TL;DR

CVE-2023-28371 is a path traversal vulnerability in Stellarium that allows attackers to write files to unintended locations using absolute paths or directory traversal sequences. This affects all users running Stellarium versions through 1.2, potentially enabling arbitrary file write operations.

💻 Affected Systems

Products:
  • Stellarium
Versions: All versions through 1.2
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. The application must be running for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via arbitrary file write leading to remote code execution, privilege escalation, or system file corruption.

🟠 Likely Case: Local file system manipulation, configuration file overwrites, or data corruption within user-writable directories.

🟢 If Mitigated: Limited to application-specific file writes within sandboxed environments with proper file system permissions.

🌐 Internet-Facing: LOW - Stellarium is primarily a desktop astronomy application not typically exposed to internet.
🏢 Internal Only: MEDIUM - Risk exists if untrusted users can interact with the application locally or via network shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction or local access. The vulnerability is in file handling logic that does not properly validate paths before writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Stellarium 1.3 and later

Vendor Advisory: https://github.com/Stellarium/stellarium/security/advisories

Restart Required: Yes

Instructions:

1. Download Stellarium 1.3 or later from official sources.
2. Uninstall the previous version.
3. Install the new version.
4. Restart the system if prompted.

🔧 Temporary Workarounds

Restrict File System Access (platform: linux)

Run Stellarium with reduced privileges using sandboxing or containerization:

flatpak run org.stellarium.Stellarium
firejail stellarium

Disable Network Features (platform: all)

Block Stellarium network access to prevent remote exploitation vectors:

sudo ufw deny out from any to any app 'stellarium'
Use Windows Firewall to block stellarium.exe

🧯 If You Can't Patch

  • Run Stellarium in a sandboxed environment with restricted file system access
  • Remove execute permissions for untrusted users and limit application to trusted accounts only

🔍 How to Verify

Check if Vulnerable:

Check the Stellarium version: if it is 1.2 or earlier, the installation is vulnerable.

Check Version:

stellarium --version (Linux/macOS) or check About in GUI (Windows)

Verify Fix Applied:

Verify Stellarium version is 1.3 or later and check that the commit fixes (1261f74dc4aa6bbd01ab514343424097f8cf46b7, 787a894897b7872ae96e6f5804a182210edd5c78, eba61df3b38605befcb43687a4c0a159dbc0c5cb) are applied.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations from stellarium process
  • Path traversal patterns in file access logs

Network Indicators:

  • Unexpected network activity from stellarium if normally offline

SIEM Query:

process.name='stellarium' AND (file.path CONTAINS '..' OR file.path STARTSWITH '/')
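The two failure modes described above (absolute paths and '..' sequences reaching unintended locations) and the detection logic of the SIEM query, worked through as an added example that is not Stellarium's own code: `safe_join` is the confinement check a file-writing routine should apply, and `flag_suspicious_writes` runs the query's idea over constructed log lines. The data directory and the log format are assumptions, not Stellarium's real paths or logs.

```python
import posixpath
from typing import List, Optional

# Assumed (constructed) Stellarium user-data directory; the real location varies by platform.
BASE_DIR = "/home/alice/.stellarium"


def safe_join(base: str, user_path: str) -> Optional[str]:
    """Return the normalized target if it stays inside base, else None.

    Rejects absolute paths and any '..' sequence that escapes base, the two
    inputs CVE-2023-28371 describes as reaching unintended locations.
    """
    user_path = user_path.replace("\\", "/")        # treat backslashes as separators too
    if posixpath.isabs(user_path):
        return None                                  # absolute path: never allowed
    base_norm = posixpath.normpath(base)
    target = posixpath.normpath(posixpath.join(base_norm, user_path))
    if target != base_norm and not target.startswith(base_norm + "/"):
        return None                                  # '..' walked out of the base directory
    return target


# Constructed audit-log lines in a "process=<name> write=<path>" shape, not real Stellarium logs.
SAMPLE_LOG = """\
process=stellarium write=/home/alice/.stellarium/scripts/demo.ssc
process=stellarium write=/home/alice/.stellarium/../../.config/other.conf
process=stellarium write=/tmp/outside.txt
process=firefox write=/home/alice/Downloads/../file.bin
"""


def flag_suspicious_writes(log_text: str, base: str) -> List[str]:
    """Detection idea from the SIEM query: stellarium writes whose path contains '..'
    or lands outside the expected data directory (every Linux/macOS path starts with '/',
    so the 'outside base' test is used instead of STARTSWITH '/')."""
    flagged = []
    base_norm = posixpath.normpath(base)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = dict(f.split("=", 1) for f in line.split())
        if fields.get("process") != "stellarium":
            continue
        path = fields["write"]
        outside = not posixpath.normpath(path).startswith(base_norm + "/")
        if ".." in path or outside:
            flagged.append(path)
    return flagged
```

On Linux and macOS every path is absolute, so a literal `STARTSWITH '/'` clause matches all writes; scoping it to paths outside the data directory, as the function does, keeps the alert actionable.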
