Lucene search

[email protected]NVD:CVE-2023-26603

HistoryApr 26, 2024 - 8:15 p.m.

CVE-2023-26603

2024-04-2620:15:07

CWE-378

[email protected]

web.nvd.nist.gov

jumpcloud agent

temporary file

insecure permissions

privilege escalation

installer

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer.

References

community.jumpcloud.com/t5/jumpcloud-product-news/bd-p/releases

github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0003.md

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-26603

cve1 cvelist1 vulnrichment1