CVE-2024-28139

CVSS V2 None CVSS V3 None
Description
The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.
Overview
  • CVE ID
  • CVE-2024-28139
  • Assigner
  • SEC-VLab
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-11T15:36:49.878Z
  • Last Modified Date
  • 2024-12-11T16:08:14.057Z
References
Reference URL Reference Tags
https://r.sec-consult.com/imageaccess third-party-advisory
History
Created Old Value New Value Data Type Notes
2024-12-12 13:26:40 Added to TrackCVE