CVE-2020-11081
8.2
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.5 / Impact: 6.0
Source: NVD
Description
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0.
Affected (1)
Products: Linuxfoundation: Osquery
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.0 |
Related CWEs
CWE-114
Process Control
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
References (10)
Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
ExploitIssue TrackingThird Party Advisory
Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Release NotesThird Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.