CVE-2024-30964

Name of the Vulnerable Software and Affected Versions Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble

Description The issue allows a local attacker to execute arbitrary code via the initial pose sub thread created by nav2 bt navigator. This is due to an Insecure Permissions vulnerability in the Open Robotics Robotic Operating System 2 (ROS2) navigation2.

Recommendations For Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble, consider restricting access to the nav2 bt navigator function to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.