Design/Logic Flaw

2019-01-3109:29:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.9%

JSON

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn’t have root access) to tamper with another’s installs.

CPENameOperatorVersion
keybaselt2.12.6

CPE	Name	Operator	Version
	keybase	lt	2.12.6

References

www.securityfocus.com/bid/106824

hackerone.com/reports/471739

keybase.io/docs/secadv/kb004