nvd
41c37e40-543d-43a2-b660-2fee83ea851a
NVD:CVE-2024-7062
History: Jul 26, 2024 - 12:15 p.m.

CVE-2024-7062

2024-07-26 12:15:03
CWE-863
41c37e40-543d-43a2-b660-2fee83ea851a
web.nvd.nist.gov
5
nimble commander
privilege escalation
improper validation

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.4%

Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.

Affected configurations

Nvd
Node
mikekazakov nimble_commander Range <1.6.1
AND
apple macos Match -
