CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-1000209

HIGH
8.8
CVSS Severity Score
EPSS Score0.1540%
EPSS Percentile36.53th
Published2018年7月13日
Last Modified2024年11月21日

Vulnerability Description

Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later.

Affected Platforms (CPE)

📦
Sensu

Sensu Core

< 1.4.2-3

References & Advisories

🔗 https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2
🔗 https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2

相關漏洞威脅

CVE-2018-10000609.8

Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerabil...

CVE-2018-1716010.0

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by b...

CVE-2018-1884310.0

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSR...

CVE-2018-1381610.0

A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 10...