An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code.
Fixed in v202109-1.Īdobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access. Seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.ĮCOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected.
