PT-2024-15524 · Openssl+1

Will Dormann · Published 2024-04-03 · Updated 2024-04-03 · CVE-2024-0394

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Rapid7 Minerva Armor versions prior to 4.5.5

Description

The issue is a privilege escalation vulnerability that allows an authenticated attacker to elevate privileges and execute arbitrary code with SYSTEM privileges. It is caused by the product's implementation of OpenSSL's OPENSSLDIR parameter, which is set to a path accessible to low-privileged users.

Recommendations

Update versions prior to 4.5.5 to version 4.5.5 to resolve the issue. As a temporary workaround, consider restricting access to the OPENSSLDIR path to prevent low-privileged users from exploiting the vulnerability.
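
Applying the workaround starts with knowing who can currently write to the OPENSSLDIR location. The PowerShell audit below is an added example, not code from Rapid7 or from this advisory; the default path is a placeholder because the advisory does not state the real one, and the list of trusted SIDs is an assumption to adjust per environment.

```powershell
# Added example: list non-administrative principals that can write to OPENSSLDIR.
# The default path is a placeholder; the advisory does not state the real one.
param([string]$OpenSslDir = 'C:\path\to\OPENSSLDIR')

# Assumption: SIDs expected to hold write access (SYSTEM, Administrators,
# TrustedInstaller). CREATOR OWNER only matters once someone else can create files.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
    'S-1-3-0'
)

# Rights that allow creating or replacing files, plus GENERIC_WRITE and
# GENERIC_ALL, which can appear unmapped in inherit-only ACEs.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000

# If the directory does not exist, the nearest existing parent decides who may create it.
$target = $OpenSslDir
while ($target -and -not (Test-Path -LiteralPath $target)) {
    $target = Split-Path -Path $target -Parent
}
if (-not $target) { throw "No existing parent found for $OpenSslDir" }

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]
$acl     = Get-Acl -LiteralPath $target

$findings = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny ACEs are ignored (conservative)
    if ($trusted -contains $ace.IdentityReference.Value) { continue }
    if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
    # Resolve the SID to a readable name; keep the raw SID if it cannot be resolved.
    $name = try { $ace.IdentityReference.Translate($ntType).Value } catch { $ace.IdentityReference.Value }
    [pscustomobject]@{
        Path      = $target
        Principal = $name
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { "No non-administrative write access found on $target" }
```

Any row in the output names a principal whose write access should be removed from the directory (or from the parent it inherits from) until the update to 4.5.5 is applied.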

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2024-0394

Affected Products

Openssl
Rapid7 Minerva Armor