CVE-2024-0833

Published: Jan 31, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

Affected (1)

Products: Progress: Telerik Test Studio

1 product

Telerik Test Studio

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Progress Telerik Test Studio	Before 2023.3.1330

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability

Source: security@progress.com

Vendor Advisory

https://www.telerik.com/teststudio

Source: security@progress.com

Product

https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.telerik.com/teststudio

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.