exploitDog

CVE-2024-13177

Опубликовано: 15 апр. 2025

Источник: nvd

EPSS Низкий

Описание

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.

Ссылки

https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation

EPSS

Процентиль: 6%

0.00024

Низкий

Дефекты

CWE-610

Связанные уязвимости

GHSA-6x8p-pjfm-rgxq

github

10 месяцев назад

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.

EPSS

Процентиль: 6%

0.00024

Низкий

Дефекты

CWE-610