CVE-2024-48992

EPSS 0.73%
Veröffentlicht 19.11.2024 18:15:21
Zuletzt bearbeitet 03.11.2025 23:16:24
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Needrestart Project ≫ Needrestart Version < 3.8

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.728

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@ubuntu.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

Third Party Advisory

https://www.openwall.com/lists/oss-security/2024/11/19/1

Mailing List

https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f

Patch

https://www.cve.org/CVERecord?id=CVE-2024-48992

VDB Entry

http://seclists.org/fulldisclosure/2024/Nov/17

https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html

https://nvd.nist.gov/vuln/detail/CVE-2024-48992

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-48992

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-48992

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-48992