PT-2023-28882 · Croc · Croc

Matthias Gerstner

Published

2023-09-19

Updated

2024-08-21

CVE-2023-43621

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Croc versions prior to 9.6.16

Description An issue was discovered in Croc where the shared secret, located on a command line, can be read by local users who list all processes and their arguments.

Recommendations For Croc versions prior to 9.6.16, update to version 9.6.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the command line arguments to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-43621

GHSA-7G3V-4GGR-XVJF

GO-2023-2069

Affected Products

Croc

PT-2023-28882 · Croc · Croc

CVE-2023-43621

Related Identifiers

Affected Products

References · 16