CVE-2024-39934

high

Description

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment.

References

https://github.com/elabit/robotmk/releases/tag/v2.0.1

https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1

https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e

https://checkmk.com/werk/16434

Details

Source: Mitre, NVD

Published: 2024-07-04

Updated: 2024-07-08

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:P/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics