In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
References
Link | Resource |
---|---|
https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability | Vendor Advisory |
https://www.telerik.com/products/decompiler.aspx | Product |
Configurations
History
09 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability - Vendor Advisory | |
References | () https://www.telerik.com/products/decompiler.aspx - Product | |
Summary |
|
|
First Time |
Progress telerik Justdecompile
Progress |
|
CPE | cpe:2.3:a:progress:telerik_justdecompile:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo |
31 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
31 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-31 16:15
Updated : 2024-02-09 17:15
NVD link : CVE-2024-0219
Mitre link : CVE-2024-0219
CVE.ORG link : CVE-2024-0219
JSON object : View
Products Affected
progress
- telerik_justdecompile
CWE