Описание
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.
Ссылки
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:nakivo:backup_\&_replication_director:9.4.0.r43656:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00023
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-276
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.
EPSS
Процентиль: 6%
0.00023
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-276