← voltar
CVE-2024-6141

Windscribe Directory Traversal Local Privilege Escalation Vulnerability

CVSS 7.8 HIGHEPSS 0.6%CWE-22
Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windscribe Service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23441.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Windscribe · Windscribe

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Windscribe/Desktop-App/blob/90a5cc3c1f50f6545f83969c2ace6b4ac2c91c4e/client/common/changelog.txt#L23https://www.zerodayinitiative.com/advisories/ZDI-24-820/