BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.
References
Link | Resource |
---|---|
https://binarynights.com/blog/posts/forklift-3-4-security-update.html | Release Notes Vendor Advisory |
https://insinuator.net/2020/11/forklift-lpe/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-17T01:56:05
Updated: 2020-11-17T01:56:05
Reserved: 2020-06-26T00:00:00
Link: CVE-2020-15349
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-17T02:15:13.330
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-15349
JSON object: View
Redhat Information
No data.
CWE