Описание
Clash Verge Rev thru 2.2.3 forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API /start_clash, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation.
EPSS
Процентиль: 2%
0.00014
Низкий
7.8 High
CVSS3
Дефекты
CWE-250
Связанные уязвимости
CVSS3: 7.8
github
29 дней назад
Clash Verge Rev thru 2.2.3 forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation.
EPSS
Процентиль: 2%
0.00014
Низкий
7.8 High
CVSS3
Дефекты
CWE-250