CVE-2021-34426

Опубликовано: 14 дек. 2021

Источник: nvd

CVSS3: 5.3

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user's local system.

Ссылки

https://explore.zoom.us/en/trust/security/security-bulletin
Third Party Advisory
https://explore.zoom.us/en/trust/security/security-bulletin
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:keybase:keybase:*:*:*:*:*:*:*:*

Версия до 5.6.0 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-h72j-pmww-phww

CVSS3: 7.8

github

около 4 лет назад

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user’s Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user’s local system.

EPSS

Процентиль: 14%

0.00045

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo