Headline
CVE-2022-41950: Privilege Escalation Vulnerability by wrong chmod param
super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta.
Package
super-xray (super-xray)
Affected versions
0.2-beta
Patched versions
0.3-beta
Description
Severity
- 安全级别:Moderate
- 攻击向量:本地
- 攻击复杂度:高
- 需要权限:高
- 用户交互:无
- 范围:无更改
- 机密性影响:高
- 完整性影响:高
- 可用性影响:高
Vendor
super-xray
Versions Affected
0.3-beta
Description
由于错误地默认将xray变成777权限,导致权限提升漏洞
注意:仅影响Linux和Mac OS系统
public static void chmod(String path) {
String\[\] chmodCmd = new String\[\]{"/bin/chmod", "777", path};
exec(chmodCmd);
}
Mitigation
users should upgrade to super-xray 0.3-beta
Credit
This issue was reported in github issues.