exploitDog

CVE-2019-19014

Опубликовано: 02 дек. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.

Ссылки

https://write-up.github.io/webtitan/
Exploit
Third Party Advisory
https://www.webtitan.com/resources/product-updates/
Release Notes
Vendor Advisory
https://write-up.github.io/webtitan/
Exploit
Third Party Advisory
https://www.webtitan.com/resources/product-updates/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:titanhq:webtitan:*:*:*:*:*:*:*:*

Версия до 5.18 (исключая)

EPSS

Процентиль: 34%

0.00134

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-22wx-h7xw-m85j

CVSS3: 7.8

github

около 3 лет назад

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.

EPSS

Процентиль: 34%

0.00134

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-269