Search criteria
6 vulnerabilities found for pritunl-client-electron by pritunl
CVE-2022-25372 (GCVE-0-2022-25372)
Vulnerability from nvd – Published: 2022-02-20 19:17 – Updated: 2024-08-03 04:36
VLAI?
Summary
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:07.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T11:56:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"name": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25372",
"datePublished": "2022-02-20T19:17:02",
"dateReserved": "2022-02-20T00:00:00",
"dateUpdated": "2024-08-03T04:36:07.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27519 (GCVE-0-2020-27519)
Vulnerability from nvd – Published: 2021-04-30 13:16 – Updated: 2024-08-04 16:18
VLAI?
Summary
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T13:16:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27519",
"datePublished": "2021-04-30T13:16:08",
"dateReserved": "2020-10-21T00:00:00",
"dateUpdated": "2024-08-04T16:18:44.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25989 (GCVE-0-2020-25989)
Vulnerability from nvd – Published: 2020-11-19 20:51 – Updated: 2024-08-04 15:49
VLAI?
Summary
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:06.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T20:51:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vkas-afk.github.io/vuln-disclosures/",
"refsource": "MISC",
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25989",
"datePublished": "2020-11-19T20:51:35",
"dateReserved": "2020-09-24T00:00:00",
"dateUpdated": "2024-08-04T15:49:06.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25372 (GCVE-0-2022-25372)
Vulnerability from cvelistv5 – Published: 2022-02-20 19:17 – Updated: 2024-08-03 04:36
VLAI?
Summary
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:07.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T11:56:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"name": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25372",
"datePublished": "2022-02-20T19:17:02",
"dateReserved": "2022-02-20T00:00:00",
"dateUpdated": "2024-08-03T04:36:07.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27519 (GCVE-0-2020-27519)
Vulnerability from cvelistv5 – Published: 2021-04-30 13:16 – Updated: 2024-08-04 16:18
VLAI?
Summary
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T13:16:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27519",
"datePublished": "2021-04-30T13:16:08",
"dateReserved": "2020-10-21T00:00:00",
"dateUpdated": "2024-08-04T16:18:44.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25989 (GCVE-0-2020-25989)
Vulnerability from cvelistv5 – Published: 2020-11-19 20:51 – Updated: 2024-08-04 15:49
VLAI?
Summary
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:06.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T20:51:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vkas-afk.github.io/vuln-disclosures/",
"refsource": "MISC",
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25989",
"datePublished": "2020-11-19T20:51:35",
"dateReserved": "2020-09-24T00:00:00",
"dateUpdated": "2024-08-04T15:49:06.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}