src icon indicating copy to clipboard operation
src copied to clipboard

Published 20 hours ago verified publisher icon MidnightBSD

CVE-2024-5290 (High) detected in src3.1.5

Open mend-bolt-for-github[bot] opened this issue 1 year ago • 0 comments

CVE-2024-5290 - High Severity Vulnerability

Vulnerable Library - src3.1.5

MidnightBSD OS source code

Library home page: https://github.com/MidnightBSD/src.git

Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb

Found in base branches: stable/3.2, master

Vulnerable Source Files (1)

/crypto/tls_openssl.c

Vulnerability Details

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).

Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

Publish Date: 2024-08-07

URL: CVE-2024-5290

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Aug 16 '24 00:08 mend-bolt-for-github[bot]