Description
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.
References
- Product, Vendor Advisory
- Third Party Advisory
- Product, Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:upwork:time_tracker:5.2.2.716:*:*:*:*:*:*:*
EPSS: 0.00078 (Low), percentile: 23%
CVSS3: 7.8 High
CVSS2: 4.6 Medium
Weaknesses
CWE-494
Related vulnerabilities
github
more than 3 years ago
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.