Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2023-08349

Опубликовано: 27 июл. 2023
Источник: fstec
CVSS3: 7.8
CVSS2: 6.8
EPSS Низкий

Описание

Уязвимость оболочки клиентского API Insights-Client связана с созданием временных файлов с небезопасными разрешениями в директории /var/tmp/insights-client. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Вендор

Red Hat Inc.

Наименование ПО

Red Hat Enterprise Linux
Insights-Client

Версия ПО

7 (Red Hat Enterprise Linux)
8 (Red Hat Enterprise Linux)
8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux)
9 (Red Hat Enterprise Linux)
8.2 Telecommunications Update Service (Red Hat Enterprise Linux)
8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux)
8.6 Extended Update Support (Red Hat Enterprise Linux)
9.0 Extended Update Support (Red Hat Enterprise Linux)
8.2 Advanced Update Support (Red Hat Enterprise Linux)
8.4 Telecommunications Update Service (Red Hat Enterprise Linux)
8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux)
8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux)
до 3.2.2 (Insights-Client)

Тип ПО

Операционная система
Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 7
Red Hat Inc. Red Hat Enterprise Linux 8
Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 9
Red Hat Inc. Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Red Hat Inc. Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 9.0 Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Inc. Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Red Hat Inc. Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7,8)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для программных продуктов Red Hat Inc.:
https://github.com/RedHatInsights/insights-client/releases/tag/v3.2.2
https://access.redhat.com/security/cve/cve-2023-3972

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 1%
0.00008
Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2023-3972

CVSS3: 7.8
redhat
больше 2 лет назад

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

nvd логотип

CVE-2023-3972

CVSS3: 7.8
nvd
больше 2 лет назад

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

github логотип

GHSA-37f3-8h34-h4xf

CVSS3: 7.8
github
больше 2 лет назад

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

EPSS

Процентиль: 1%
0.00008
Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2