CVE-2019-13013

Published: Aug 23, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.

Affected (1)

Products: Obdev: Little Snitch

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Obdev Little Snitch	From 4.3.0 to 4.3.2

Running on/with	Platform Versions
Apple Macos	All versions

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://obdev.at/cve/2019-13013-OSv2mEFD3z.html

Source: office@obdev.at

https://obdev.at/cve/2019-13013-OSv2mEFD3z.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.