Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is a malicious OpenVPN config. A local attacker could leverage the `log` and `log-append` options, along with log injection, to create or append to privileged script files and execute code as root/SYSTEM.
References
Link | Resource |
---|---|
https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e | Patch Third Party Advisory |
https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899 | Patch Third Party Advisory |
https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce | Patch Third Party Advisory |
History
11 May 2021, 12:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
CVSS | v2 : v3 : | v2 : 7.2 v3 : 7.8 |
CPE | cpe:2.3:a:pritunl:pritunl-client-electron:1.2.2550.20:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e - Patch, Third Party Advisory | |
References | (MISC) https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899 - Patch, Third Party Advisory |
30 Apr 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-30 14:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-27519
Mitre link : CVE-2020-27519
CVE.ORG link : CVE-2020-27519
Products Affected
pritunl
- pritunl-client-electron
CWE
CWE-269
Improper Privilege Management