CVE-2024-39934

Published: Jul 4, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: MITRE (Secondary)

Description

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

https://checkmk.com/werk/16434

Source: cve@mitre.org

https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e

Source: cve@mitre.org

https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1

Source: cve@mitre.org

https://github.com/elabit/robotmk/releases/tag/v2.0.1

Source: cve@mitre.org

https://checkmk.com/werk/16434

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/elabit/robotmk/releases/tag/v2.0.1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.