CVE-2018-1000209

Name of the Vulnerable Software and Affected Versions Sensu Core versions prior to 1.4.2-3

Description The issue allows unprivileged users to execute code in the context of the Sensu service account due to insecure permissions in Sensu Core on Windows platforms. This can be exploited by an unprivileged user placing an arbitrary DLL in the c:optsensuembeddedbin directory, taking advantage of standard Windows DLL load order behavior.

Recommendations For versions prior to 1.4.2-3, update to version 1.4.2-3 or later to resolve the issue. As a temporary workaround, consider restricting access to the c:optsensuembeddedbin directory to prevent arbitrary DLL placement.