CVE-2019-15119

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions cnlh nps versions 0.23.2 and earlier

Description The issue arises from the use of 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps in lib/install/install.go, allowing a local user to overwrite files.

Recommendations For versions 0.23.2 and earlier, consider changing the permissions of /usr/local/bin/nps and /usr/bin/nps to prevent file overwrites by local users. As a temporary workaround, restrict access to these files until a proper fix is applied.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-15119

GHSA-2VP2-8M5J-4RJX

GO-2025-3625

OPENSUSE-SU-2025:15017-1

Affected Products

Nps

CVE-2019-15119

Weakness Enumeration

Related Identifiers

Affected Products

References · 33