CVE-2014-2096

2014-02-2614:55:08

[email protected]

web.nvd.nist.gov

cve-2014-2096

catfish

vulnerability

local users

privileges

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.

Affected configurations

NVD

Node

catfish_projectcatfishMatch0.6.0

catfish_projectcatfishMatch0.6.1

catfish_projectcatfishMatch0.6.2

catfish_projectcatfishMatch0.6.3

catfish_projectcatfishMatch0.6.4

catfish_projectcatfishMatch0.8.0

catfish_projectcatfishMatch0.8.1

catfish_projectcatfishMatch0.8.2

catfish_projectcatfishMatch1.0.0

CPENameOperatorVersion
catfish_project:catfishcatfish project catfisheq0.6.0
catfish_project:catfishcatfish project catfisheq0.6.1
catfish_project:catfishcatfish project catfisheq0.6.2
catfish_project:catfishcatfish project catfisheq0.6.3
catfish_project:catfishcatfish project catfisheq0.6.4
catfish_project:catfishcatfish project catfisheq0.8.0
catfish_project:catfishcatfish project catfisheq0.8.1
catfish_project:catfishcatfish project catfisheq0.8.2
catfish_project:catfishcatfish project catfisheq1.0.0

CPE	Name	Operator	Version
catfish_project:catfish	catfish project catfish	eq	0.6.0
catfish_project:catfish	catfish project catfish	eq	0.6.1
catfish_project:catfish	catfish project catfish	eq	0.6.2
catfish_project:catfish	catfish project catfish	eq	0.6.3
catfish_project:catfish	catfish project catfish	eq	0.6.4
catfish_project:catfish	catfish project catfish	eq	0.8.0
catfish_project:catfish	catfish project catfish	eq	0.8.1
catfish_project:catfish	catfish project catfish	eq	0.8.2
catfish_project:catfish	catfish project catfish	eq	1.0.0