CVE-2024-28139
CVSS V2 None
CVSS V3 None
Description
The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.
Overview
- CVE ID
- CVE-2024-28139
- Assigner
- SEC-VLab
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-11T15:36:49.878Z
- Last Modified Date
- 2024-12-11T16:08:14.057Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://r.sec-consult.com/imageaccess | third-party-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-28139 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28139 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-12 13:26:40 | Added to TrackCVE |