exploitDog

GHSA-mvjp-6vj8-pmx6

Опубликовано: 25 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

Ссылки

EPSS

Процентиль: 55%

0.00325

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-367

Связанные уязвимости

CVE-2023-38041

CVSS3: 7

nvd

больше 2 лет назад

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

BDU:2024-03459

CVSS3: 7.8

fstec

около 2 лет назад

Уязвимость VPN-шлюза корпоративных сетей Ivanti Secure Access Client (ISAC) (ранее Pulse Secure Desktop Client) для операционных систем Windows, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 55%

0.00325

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-367