exploitDog

GHSA-4gr9-9jg7-33hm

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.

Ссылки

EPSS

Процентиль: 56%

0.00339

Низкий

9.8 Critical

CVSS3

CVE ID

Связанные уязвимости

CVE-2018-6823

CVSS3: 9.8

nvd

почти 8 лет назад

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.

EPSS

Процентиль: 56%

0.00339

Низкий

9.8 Critical

CVSS3

CVE ID