CVE-2023-40361

2023-10-2000:00:00

mitre

www.cve.org

secudos qiata

domos os

insecure permissions

previewrm.sh

cronjob

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.

References

github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md