New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unquoted service path #657
Comments
|
Thank you very much for your bug report and sharing your findings! The issue has been fixed via f231ec5 and will be fixed in the upcoming 4.4.2 release. |
|
Hello, This issue was discovered by me months before, specifically at the end of March 2020. Thanks. |
|
Hi @takito1812 |
Hi Veyon team,
After installing Veyon v4.4.1, I noticed that its service, "VeyonService", is hijackable due to the unquoted service path. Using this vulnerability, attackers can execute different files as VeyonService. It allows local users to replace the service with arbitrary code to escalate their privileges. I hope you check this link for more details: https://cwe.mitre.org/data/definitions/428.html
The text was updated successfully, but these errors were encountered: