We use cookies to improve your experience on our site.
AVID-2026-R1228
Description
Vulnerability CVE-2023-28380
Details
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Reason for inclusion in AVID: CVE-2023-28380 describes an Uncontrolled search path vulnerability in Intel AI Hackathon software prior to 2.0.0, enabling privilege escalation via network access. The affected product is an AI development/tooling component, which is part of AI software stacks; this places it within the supply chain for general-purpose AI systems (as a dependency/tooling artifact). It is a standard security vulnerability with clear exploitation potential (RCE/privilege escalation). The CVE entry and references provide sufficient signal for classification.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | Intel(R) AI Hackathon software |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 8.8 |
| Base Severity | 🔴 High |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-427 | Uncontrolled search path |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-08-11
- Version: 0.3.3
- AVID Entry