CVE-2024-28139
Privilege escalation through sudo misconfiguration
The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Image Access GmbH · Scan2Net¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →