Search criteria
6 vulnerabilities found for pritunl-client-electron by pritunl
CVE-2022-25372 (GCVE-0-2022-25372)
Vulnerability from nvd – Published: 2022-02-20 19:17 – Updated: 2024-08-03 04:36
VLAI
Summary
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://rhinosecuritylabs.com/penetration-testing… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:07.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T11:56:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"name": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25372",
"datePublished": "2022-02-20T19:17:02.000Z",
"dateReserved": "2022-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:07.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27519 (GCVE-0-2020-27519)
Vulnerability from nvd – Published: 2021-04-30 13:16 – Updated: 2024-08-04 16:18
VLAI
Summary
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T13:16:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27519",
"datePublished": "2021-04-30T13:16:08.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:44.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25989 (GCVE-0-2020-25989)
Vulnerability from nvd – Published: 2020-11-19 20:51 – Updated: 2024-08-04 15:49
VLAI
Summary
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vkas-afk.github.io/vuln-disclosures/ | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_CONFIRM |
Date Public
2020-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:06.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T20:51:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vkas-afk.github.io/vuln-disclosures/",
"refsource": "MISC",
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25989",
"datePublished": "2020-11-19T20:51:35.000Z",
"dateReserved": "2020-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:06.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25372 (GCVE-0-2022-25372)
Vulnerability from cvelistv5 – Published: 2022-02-20 19:17 – Updated: 2024-08-03 04:36
VLAI
Summary
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://rhinosecuritylabs.com/penetration-testing… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:07.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T11:56:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"name": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25372",
"datePublished": "2022-02-20T19:17:02.000Z",
"dateReserved": "2022-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:07.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27519 (GCVE-0-2020-27519)
Vulnerability from cvelistv5 – Published: 2021-04-30 13:16 – Updated: 2024-08-04 16:18
VLAI
Summary
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T13:16:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27519",
"datePublished": "2021-04-30T13:16:08.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:44.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25989 (GCVE-0-2020-25989)
Vulnerability from cvelistv5 – Published: 2020-11-19 20:51 – Updated: 2024-08-04 15:49
VLAI
Summary
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vkas-afk.github.io/vuln-disclosures/ | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_CONFIRM |
Date Public
2020-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:06.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T20:51:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vkas-afk.github.io/vuln-disclosures/",
"refsource": "MISC",
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25989",
"datePublished": "2020-11-19T20:51:35.000Z",
"dateReserved": "2020-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:06.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}