Skip to content

Privilege Escalation Vulnerability by wrong chmod param

Moderate
4ra1n published GHSA-2g28-xrw6-fq5f Nov 21, 2022

Package

super-xray (super-xray)

Affected versions

0.2-beta

Patched versions

0.3-beta

Description

Severity

  • 安全级别:Moderate
  • 攻击向量:本地
  • 攻击复杂度:高
  • 需要权限:高
  • 用户交互:无
  • 范围:无更改
  • 机密性影响:高
  • 完整性影响:高
  • 可用性影响:高

Vendor

super-xray

Versions Affected

0.3-beta

Description

由于错误地默认将xray变成777权限,导致权限提升漏洞

注意:仅影响LinuxMac OS系统

    public static void chmod(String path) {
        String[] chmodCmd = new String[]{"/bin/chmod", "777", path};
        exec(chmodCmd);
    }

Mitigation

users should upgrade to super-xray 0.3-beta

Credit

This issue was reported in github issues.

Severity

Moderate
6.4
/ 10

CVSS base metrics

Attack vector
Local
Attack complexity
High
Privileges required
High
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE ID

CVE-2022-41950

Weaknesses