PT-2020-14668 · Nakivo · Nakivo Backup & Replication Director

Published

2020-09-24

·

Updated

2022-04-05

·

CVE-2020-15850

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Nakivo Backup & Replication Director version 9.4.0.r43656

Description

Insecure default permissions leave the Director's database, which holds the web-application user accounts and the password-recovery secret value, readable by local users. Any low-privileged local user on the host can therefore read that data, use it to access the Nakivo Director web interface, and potentially gain root privileges. The vector is local (AV:L/PR:L) and needs no user interaction, which is why the score reaches 7.8 despite requiring a foothold on the host.

Recommendations

For Nakivo Backup & Replication Director version 9.4.0.r43656, restrict file-system access to the database containing user information and the password-recovery secret value so that only the account running the Director service can read it, and check with the vendor for a release that corrects the default permissions. Because any local user may already have read the secret and the stored credentials, rotate the password-recovery secret and the web-application passwords after hardening the permissions. As a temporary workaround, limit which local users can log in to the host running the Director, since the exposure requires local access, until a more secure configuration or update is in place.
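The following POSIX shell script is an added example, not Nakivo's code or part of the advisory. It performs the check and the hardening step described above: it reports whether a secrets-bearing file (such as the web-application user database) is readable by group or other, lists every such file under a directory, and tightens the mode to owner-only. The file and directory paths are arguments because the advisory does not say where the Director stores its database; the path in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example (not Nakivo code): audit and harden a file that stores
# application secrets, such as a web-application user database holding
# password hashes and a password-recovery secret. The weakness behind
# CVE-2020-15850 is exactly this: the file is readable by any local user.
# Paths are taken as arguments because the advisory does not state where
# the Director keeps its database (an assumption of this example).

# secrets_file_is_private FILE
# Returns 0 if neither the group nor the "other" read bit is set on FILE,
# 1 if either is set (members of the group, or every local user, can read
# the secrets), 2 if FILE is not a regular file.
# The first ten characters of `ls -ld` output (e.g. -rw-r--r--) are used
# because that format is POSIX and does not depend on GNU or BSD stat flags.
secrets_file_is_private() {
    f="$1"
    [ -f "$f" ] || return 2
    bits=$(ls -ld "$f" | cut -c1-10)
    case "$bits" in
        ????r*) return 1 ;;      # character 5: group read bit
    esac
    case "$bits" in
        ???????r*) return 1 ;;   # character 8: other read bit
    esac
    return 0
}

# harden_secrets_file FILE [OWNER]
# Makes FILE readable and writable by its owner only and optionally
# reassigns ownership to the service account that legitimately needs it
# (chown requires root, so OWNER is optional). Returns the result of
# re-checking the file, so 0 means the file is now private.
harden_secrets_file() {
    f="$1"
    [ -f "$f" ] || return 2
    chmod 600 "$f" || return 1
    if [ -n "${2:-}" ]; then
        chown "$2" "$f" || return 1
    fi
    secrets_file_is_private "$f"
}

# audit_secrets_dir DIR
# Writes every regular file under DIR whose group or other read bit is set
# to stderr and prints the number of such files on stdout.
audit_secrets_dir() {
    dir="$1"
    [ -d "$dir" ] || return 2
    hits=$(find "$dir" -type f \( -perm -g+r -o -perm -o+r \) 2>/dev/null)
    count=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        printf 'readable by group/other: %s\n' "$p" >&2
        count=$((count + 1))
    done <<EOF
$hits
EOF
    echo "$count"
}

# Usage: sh audit_secrets.sh /path/to/director/database/dir
# (hypothetical path; substitute the directory the Director actually uses).
if [ "$#" -gt 0 ]; then
    n=$(audit_secrets_dir "$1")
    echo "$n file(s) under $1 are readable by non-owner local users"
fi
```

Run the audit as the service account or root against the directory that holds the Director's data; a count of zero means no file there can be read by other local users. The mode-bit check is deliberate: it reports the configuration rather than whether the current user happens to be able to open the file, so it gives the same answer whether it is run as root or as the service account.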

Weakness Enumeration

Incorrect Default Permissions (CWE-276)

Related Identifiers

CVE-2020-15850

Affected Products

Nakivo Backup & Replication Director