Products
Performance Co-Pilot (PCP)
Source
secalert@redhat.com
Tags
CVE-2024-45770 details
Published : Sept. 19, 2024, 9:15 a.m.
Last Modified : Sept. 19, 2024, 2:15 p.m.
Last Modified : Sept. 19, 2024, 2:15 p.m.
Description
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
CVSS Score
1 | 2 | 3 | 4.4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-59 | Improper Link Resolution Before File Access ('Link Following') | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
4.4
Exploitability Score
1.8
Impact Score
2.5
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References
URL | Source |
---|---|
https://access.redhat.com/errata/RHSA-2024:6837 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:6840 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:6842 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:6843 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:6844 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:6846 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:6847 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:6848 | secalert@redhat.com |
https://access.redhat.com/security/cve/CVE-2024-45770 | secalert@redhat.com |
https://bugzilla.redhat.com/show_bug.cgi?id=2310451 | secalert@redhat.com |
This website uses the NVD API, but is not approved or certified by it.