CVE-2024-13177

MEDIUM Year: 2024
Weakness Type
CWE-610
View all →

Vulnerability Description

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.

Related Vulnerabilities

CVE-2017-16088

CRITICAL
CVSS:10.0(Critical)

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the ...

CWE-6102017

CVE-2019-7290

CRITICAL
CVSS:10.0(Critical)

An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.

CWE-6102019

CVE-2022-39206

CRITICAL
CVSS:9.9(Critical)

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. ...

CWE-6102022

CVE-2020-14057

CRITICAL
CVSS:9.8(Critical)

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execu...

CWE-6102020

CVE-2021-43685

CRITICAL
CVSS:9.8(Critical)

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.

CWE-6102021

CVE-2021-44041

CRITICAL
CVSS:9.8(Critical)

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to e...

CWE-6102021