Описание
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitPatchThird Party Advisory
- ExploitPatchVendor Advisory
- Third Party AdvisoryVDB Entry
- ExploitPatchThird Party Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.12.6 (исключая)
cpe:2.3:a:keybase:keybase:*:*:*:*:*:macos:*:*
EPSS
Процентиль: 83%
0.01998
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-367
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.
EPSS
Процентиль: 83%
0.01998
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-367