Description
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory, then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges, this enables local escalation. This is fixed in version 4.4.0.
References
- Patch, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.4.0 (exclusive)
cpe:2.3:a:linuxfoundation:osquery:*:*:*:*:*:*:*:*
EPSS
Percentile: 16%
0.00052
Low
CVSS3: 5.3 Medium
CVSS3: 8.2 High
CVSS2: 4.4 Medium
Weaknesses
CWE-114
CWE-426
Related vulnerabilities
CVSS3: 5.3
debian
more than 5 years ago
osquery before version 4.4.0 enables a privilege escalation vulnerabil ...