Описание
A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:plugin-alliance:installation_manager:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
EPSS
Процентиль: 4%
0.0002
Низкий
6.2 Medium
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 6.2
github
2 месяца назад
A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.
EPSS
Процентиль: 4%
0.0002
Низкий
6.2 Medium
CVSS3
Дефекты
CWE-269