Описание
Microsoft OneDrive for Android Elevation of Privilege Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.
FAQ
What privileges could an attacker gain with successful exploitation?
An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process.
This could lead to further system compromise and unauthorized actions within the network.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability?
Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the Availability of the system.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.
Уязвимость службы размещения файлов OneDrive for Android, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю повысить свои привилегии
EPSS
6.5 Medium
CVSS3