PT-2019-13998 · Cnlh · Nps

Nico Waisman

Publicado

2019-08-16

Atualizado

2025-04-23

CVE-2019-15119

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions cnlh nps versions 0.23.2 and earlier

Description The issue arises from the use of 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps in lib/install/install.go, allowing a local user to overwrite files.

Recommendations For versions 0.23.2 and earlier, consider changing the permissions of /usr/local/bin/nps and /usr/bin/nps to prevent file overwrites by local users. As a temporary workaround, restrict access to these files until a proper fix is applied.

Exploit

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2019-15119

GHSA-2VP2-8M5J-4RJX

GO-2025-3625

OPENSUSE-SU-2025:15017-1

Produtos afetados

Nps

PT-2019-13998 · Cnlh · Nps

CVE-2019-15119

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33