Описание
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.
Ссылки
- Product
- Patch
- Patch
- ExploitPress/Media CoverageThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия от 2.10.1 (включая) до 2.17.10 (включая)
Одно из
cpe:2.3:a:windscribe:windscribe:*:*:*:*:*:linux:*:*
cpe:2.3:a:windscribe:windscribe:2.18.1:alpha:*:*:*:linux:*:*
cpe:2.3:a:windscribe:windscribe:2.18.3:*:*:*:*:linux:*:*
cpe:2.3:a:windscribe:windscribe:2.18.5:*:*:*:*:linux:*:*
EPSS
Процентиль: 21%
0.00067
Низкий
7.8 High
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.8
github
около 2 месяцев назад
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.
EPSS
Процентиль: 21%
0.00067
Низкий
7.8 High
CVSS3
Дефекты
CWE-78