PT-2023-27411 · Secudos · Secudos Qiata

Nico Viakowski · Published 2023-10-19 · Updated 2023-10-26 · CVE-2023-40361

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SECUDOS Qiata (DOMOS OS) version 4.13

Description

The issue is related to insecure permissions for the previewRm.sh daily cronjob. An attacker needs access as a low-privileged user to the underlying DOMOS system to exploit this. Every user on the system has write permission for previewRm.sh, which is executed by the root user.

Recommendations

For SECUDOS Qiata (DOMOS OS) version 4.13, consider restricting write permissions for the previewRm.sh script to prevent low-privileged users from modifying it. As a temporary workaround, consider disabling the execution of the previewRm.sh cronjob until a patch is available.
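
A defensive check for the condition described above, as an added example that is not part of the original advisory: it lists files and directories in cron script locations that are group- or world-writable, or not owned by the expected account. The function name, the `-u` option and the directories named in the usage comment are assumptions; the advisory does not give the path of previewRm.sh.

```shell
#!/bin/sh
# Added example (not vendor code): audit directories holding scripts that
# cron runs as root, and report anything a non-root user could modify.
#
# Usage: audit_cron_writable [-u UID] DIR...
#   -u UID  numeric owner the scripts are expected to have (default 0, root)
#   DIR     directory to scan, e.g. /etc/cron.daily (a common Linux location,
#           assumed here; use the directory that actually holds previewRm.sh)

audit_cron_writable() {
    owner_uid=0
    if [ "$1" = "-u" ]; then
        owner_uid=$2
        shift 2
    fi
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Flag a file or directory when any of these holds:
        #   -perm -0002  writable by "other" (the condition in this advisory)
        #   -perm -0020  writable by the owning group
        #   ! -user UID  owned by someone other than the expected account
        # A writable directory matters too: its entries can be replaced.
        find "$dir" \( -type f -o -type d \) \
            \( -perm -0002 -o -perm -0020 -o ! -user "$owner_uid" \) -print
    done
}

# Run the audit when the script is called with directories as arguments.
if [ "$#" -gt 0 ]; then
    audit_cron_writable "$@"
fi
```

Each path printed is a candidate for `chmod go-w` and `chown root`, matching the advisory's recommendation to restrict write permissions; empty output means nothing in the scanned directories is modifiable by other users.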

Exploit

Fix

Incorrect Permission


Weakness Enumeration

Related identifiers

CVE-2023-40361

Affected products

Secudos Qiata