The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106452 | Third Party Advisory VDB Entry |
https://code42.com/r/support/CVE-2018-20131 |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2019-01-03 01:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-20131
Mitre link : CVE-2018-20131
CVE.ORG link : CVE-2018-20131
JSON object : View
Products Affected
linux
- linux_kernel
code42
- code42
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource