Lucene search

K
cve[email protected]CVE-2021-34426
HistoryDec 14, 2021 - 8:15 p.m.

CVE-2021-34426

2021-12-1420:15:07
web.nvd.nist.gov
29
cve-2021-34426
keybase client
windows
vulnerability
command execution
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.6%

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the “keybase git lfs-config” command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user's local system.

Affected configurations

NVD
Node
microsoftwindowsMatch-
AND
keybasekeybaseRange<5.6.0
CPENameOperatorVersion
keybase:keybasekeybaselt5.6.0

CNA Affected

[
  {
    "product": "Keybase Client for Windows",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.6%

Related for CVE-2021-34426