A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A privilege escalation vulnerability exists in the Veertu Anka Build 1.42.0. The vulnerability occurs during Anka node agent update. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. | A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. |
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 03 Oct 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Veertu
Veertu anka Build |
|
CPEs | cpe:2.3:a:veertu:anka_build:1.42.0:*:*:*:*:*:*:* | |
Vendors & Products |
Veertu
Veertu anka Build |
|
Metrics |
ssvc
|
Thu, 03 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A privilege escalation vulnerability exists in the Veertu Anka Build 1.42.0. The vulnerability occurs during Anka node agent update. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. | |
Weaknesses | CWE-282 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2024-10-03T15:16:10.308Z
Updated: 2024-12-18T14:31:20.169Z
Reserved: 2024-08-02T16:15:01.522Z
Link: CVE-2024-39755
Vulnrichment
Updated: 2024-10-03T17:02:47.885Z
NVD
Status : Awaiting Analysis
Published: 2024-10-03T16:15:05.230
Modified: 2024-12-18T15:15:10.370
Link: CVE-2024-39755
Redhat
No data.