CVE-2024-0219

Published: Jan 31, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

Affected (1)

Products: Progress: Telerik Justdecompile

1 product

Telerik Justdecompile

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Progress Telerik Justdecompile	Up to 2019.1.118.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability

Source: security@progress.com

Vendor Advisory

https://www.telerik.com/products/decompiler.aspx

Source: security@progress.com

Product

https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.telerik.com/products/decompiler.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.