PT-2022-2283 · Swhkd · Swhkd

Mgerstner

Published

2022-03-29

Updated

2022-10-06

CVE-2022-27815

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions SWHKD versions 1.1.5 and prior

Description The issue is related to the use of the /tmp/swhkd.pid pathname by the SWHKD daemon, which can lead to information leaks or denial of service. This is because the /tmp directory is accessible to all users. The exploitation of this issue may allow a remote attacker to access protected information or cause a denial of service.

Recommendations For SWHKD versions 1.1.5 and prior, consider updating to a version where this issue is fixed, such as a version from the 1.1.0 branch of the repository, where a patch is available. As a temporary workaround, consider restricting access to the /tmp/swhkd.pid file to minimize the risk of exploitation.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-377CWE-59

Related Identifiers

BDU:2022-02458

CVE-2022-27815

GHSA-P4JG-PCCF-H82C

Affected Products

Swhkd

PT-2022-2283 · Swhkd · Swhkd

CVE-2022-27815

Weakness Enumeration

Related Identifiers

Affected Products

References · 12