GitHub_MCVELIST:CVE-2020-15145CVE-2020-15145 Local privilege elevation in Composer-Setup for Windows
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
5.1%
In Composer-Setup for Windows before version 6.0.0, if the developer’s computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing C:\ProgramData\ComposerSetup\bin\composer.bat in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the C:\ProgramData\ComposerSetup\bin folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability.
CNA Affected
[
{
"product": "windows-setup",
"vendor": "composer",
"versions": [
{
"status": "affected",
"version": "< 6.0.0"
}
]
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
5.1%