PT-2024-15393 · Telerik · Telerik Justdecompile

Published

2024-01-31

Updated

2024-02-09

CVE-2024-0219

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Telerik JustDecompile versions prior to 2024 R1

Description A privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

Recommendations For versions prior to 2024 R1, update to version 2024 R1 or later to resolve the issue. As a temporary workaround, consider restricting access to the installer component to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2024-0219

Affected Products

Telerik Justdecompile

PT-2024-15393 · Telerik · Telerik Justdecompile

CVE-2024-0219

Weakness Enumeration

Related Identifiers

Affected Products

References · 7