8.2
CVE-2020-11081
- EPSS 0.05%
- Veröffentlicht 10.07.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 04:56:44
- Quelle security-advisories@github.com
- Teams Watchlist Login
- Unerledigt Login
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linuxfoundation ≫ Osquery Version < 4.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.16 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 1.5 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
| security-advisories@github.com | 5.3 | 0.8 | 4 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
|
CWE-114 Process Control
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.