CVE-2022-41950

2022-11-2218:15:10

CWE-250

[email protected]

web.nvd.nist.gov

super-xray

gui

vulnerability

privilege escalation

upgrade

linux

mac os

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta.

Affected configurations

Nvd

Node

super_xray_projectsuper_xrayMatch0.2beta

AND

applemacosMatch-

linuxlinux_kernelMatch-

VendorProductVersionCPE
super_xray_projectsuper_xray0.2cpe:2.3:a:super_xray_project:super_xray:0.2:beta:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
super_xray_project	super_xray	0.2	cpe:2.3:a:super_xray_project:super_xray:0.2:beta::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*