CVE-2024-38531 - OpenCVE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38531", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-18T16:37:02.729Z", "datePublished": "2024-06-28T13:18:58.604Z", "dateUpdated": "2024-07-08T19:37:03.431Z"}, "containers": {"cna": {"title": "Nix sandbox escape", "problemTypes": [{"descriptions": [{"cweId": "CWE-278", "lang": "en", "description": "CWE-278: Insecure Preserved Inherited Permissions", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5"}, {"name": "https://github.com/NixOS/nix/pull/10501", "tags": ["x_refsource_MISC"], "url": "https://github.com/NixOS/nix/pull/10501"}], "affected": [{"vendor": "NixOS", "product": "nix", "versions": [{"version": ">= 2.23.0, < 2.23.1", "status": "affected"}, {"version": ">= 2.22.0, < 2.22.2", "status": "affected"}, {"version": ">= 2.21.0, < 2.21.3", "status": "affected"}, {"version": ">= 2.20.0, < 2.20.7", "status": "affected"}, {"version": ">= 2.19.0, < 2.19.5", "status": "affected"}, {"version": ">= 2.18.0, < 2.18.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-28T13:18:58.604Z"}, "descriptions": [{"lang": "en", "value": "Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4."}], "source": {"advisory": "GHSA-q82p-44mg-mgh5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-05T15:26:22.607904Z", "id": "CVE-2024-38531", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:37:03.431Z"}}]}}

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

JSON object

JSON object

JSON object