PT-2019-12671 · Upwork · Upwork Time Tracker
Nathunandwani · Published 2019-07-23 · Updated 2020-08-24 · CVE-2019-12162
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Upwork Time Tracker version 5.2.2.716
Description
The issue concerns the lack of verification of the SHA256 hash of downloaded program updates, potentially allowing code execution or local privilege escalation by replacing the original update.exe.
Recommendations
For Upwork Time Tracker version 5.2.2.716, consider disabling automatic updates until a patch is available that properly verifies the integrity of updates before execution.
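The integrity check whose absence is described above can be sketched as follows. This is an added example, not Upwork's code: `stage_verified_update`, `UpdateIntegrityError` and `demo` are hypothetical names, and the expected digest is assumed to arrive over a channel a local user cannot alter. The update is hashed while it is copied into a private directory, so the bytes that were checked are the bytes that would be run.

```python
import hashlib
import hmac
import os
import shutil
import tempfile


class UpdateIntegrityError(Exception):
    """The staged update does not match its published SHA-256 digest."""


def stage_verified_update(downloaded_path, expected_sha256_hex):
    """Hash the update while copying it into a private directory and
    return the verified copy's path, so the bytes checked are the bytes run."""
    private_dir = tempfile.mkdtemp(prefix="verified-update-")  # creating user only
    verified_path = os.path.join(private_dir, os.path.basename(downloaded_path))
    digest = hashlib.sha256()
    try:
        with open(downloaded_path, "rb") as src, open(verified_path, "xb") as dst:
            for chunk in iter(lambda: src.read(65536), b""):
                digest.update(chunk)
                dst.write(chunk)
        expected = expected_sha256_hex.strip().lower()
        if not hmac.compare_digest(digest.hexdigest(), expected):
            raise UpdateIntegrityError("SHA-256 mismatch: " + downloaded_path)
    except BaseException:
        shutil.rmtree(private_dir, ignore_errors=True)  # never leave unverified bytes
        raise
    return verified_path


def demo():
    """Constructed sample: genuine update accepted, replaced file rejected."""
    update = os.path.join(tempfile.mkdtemp(prefix="download-"), "update.exe")
    genuine = b"constructed genuine update payload"
    with open(update, "wb") as f:
        f.write(genuine)
    published = hashlib.sha256(genuine).hexdigest()  # stands in for the vendor's digest
    accepted = os.path.exists(stage_verified_update(update, published))
    with open(update, "wb") as f:  # same path, different content
        f.write(b"constructed replacement payload")
    try:
        stage_verified_update(update, published)
        rejected = False
    except UpdateIntegrityError:
        rejected = True
    return accepted, rejected
```

Only the path returned by `stage_verified_update` should be handed to the installer; the file in the shared download location is never executed directly.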
Fix
Weakness Enumeration
Related identifiers
Affected products
Upwork Time Tracker