CVE-2024-31498

Опубликовано: 04 апр. 2024

Источник: debian

Описание

Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
yubikey-manager-qt	not-affected			package

Примечания

https://www.yubico.com/support/security-advisories/ysa-2024-01/

Связанные уязвимости

CVE-2024-31498

CVSS3: 8.8

nvd

почти 2 года назад

Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator.

GHSA-5h4m-75jp-hg7m

CVSS3: 8.8

github

почти 2 года назад

ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator.