PT-2023-28882 · Croc · Croc

Matthias Gerstner

Publicado

2023-09-19

Atualizado

2024-08-21

CVE-2023-43621

CVSS v3.1

4.7

Média

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Croc versions prior to 9.6.16

Description An issue was discovered in Croc where the shared secret, located on a command line, can be read by local users who list all processes and their arguments.

Recommendations For Croc versions prior to 9.6.16, update to version 9.6.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the command line arguments to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-43621

GHSA-7G3V-4GGR-XVJF

GO-2023-2069

Produtos afetados

Croc

PT-2023-28882 · Croc · Croc

CVE-2023-43621

Identificadores relacionados

Produtos afetados

Referências · 16