CVE-2024-48618

critical

Description

Addressed potential issues where the application could be exposed to a Privilege Escalation vulnerability when performing an update or installing a plugin, which attackers could exploit to delete arbitrary files or execute arbitrary code so as to carry out privilege escalation attacks. This occurs due to the incorrect permission assignment on the resources used by the update service, improper signature validation and incomplete certificate check for the updater, weak randomness setting for the name of the temporary folder during a plugin installation, or improper DLL loading without using the built-in manifest file. (CVE-2024-9245, CVE-2024-9244, CVE-2024-38393, CVE-2024-48618)

Details

Source: Mitre, NVD

Published: 2024-10-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical