PT-2019-12671 · Upwork · Upwork Time Tracker

Nathunandwani · Published 2019-07-23 · Updated 2020-08-24 · CVE-2019-12162

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Upwork Time Tracker version 5.2.2.716

Description

The issue concerns the lack of verification of the SHA256 hash of downloaded program updates, potentially allowing code execution or local privilege escalation by replacing the original update.exe.

Recommendations

For Upwork Time Tracker version 5.2.2.716, consider disabling automatic updates until a patch is available that properly verifies the integrity of updates before execution.
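
The integrity check the recommendation calls for, as an added example that is not Upwork's code and not part of the original advisory: the downloaded file is copied into a private staging directory, and the copy is hashed and compared before anything is allowed to run. The function names, the staging approach, and the assumption that the expected digest arrives over a trusted channel are illustrative and not taken from the advisory.

```python
import hashlib
import hmac
import os
import shutil
import tempfile


def sha256_of(path, chunk_size=65536):
    """Stream the file through SHA-256 so large installers are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_verified_update(downloaded_path, expected_sha256):
    """Copy the download into a private directory, verify the copy, and return
    its path. Returns None (and deletes the copy) when the digest differs.

    Hashing the private copy, not the original, means a file swapped into the
    shared download location after the check is never the one that runs.
    """
    # Owner-only on POSIX; on Windows the directory ACL must be restricted too.
    stage_dir = tempfile.mkdtemp(prefix="update-stage-")
    staged = os.path.join(stage_dir, os.path.basename(downloaded_path))
    shutil.copyfile(downloaded_path, staged)
    actual = sha256_of(staged)
    # Constant-time comparison; normalise case and whitespace of the digest.
    if hmac.compare_digest(actual, expected_sha256.strip().lower()):
        return staged
    shutil.rmtree(stage_dir, ignore_errors=True)
    return None


def demo():
    """Constructed sample: a genuine installer, then the same path replaced."""
    work = tempfile.mkdtemp(prefix="update-demo-")
    path = os.path.join(work, "update.exe")
    with open(path, "wb") as fh:
        fh.write(b"constructed genuine installer bytes")
    expected = hashlib.sha256(b"constructed genuine installer bytes").hexdigest()
    accepted = stage_verified_update(path, expected)
    with open(path, "wb") as fh:  # the file on disk no longer matches
        fh.write(b"constructed replacement bytes")
    rejected = stage_verified_update(path, expected)
    return accepted is not None, rejected is None
```

The caller should execute only the returned staged path, never the original download path.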

Fix

Weakness Enumeration

Related Identifiers

CVE-2019-12162

Affected Products

Upwork Time Tracker