Vulnerability-Lookup

CVE-2018-1141 (GCVE-0-2018-1141)

Vulnerability from cvelistv5 – Published: 2018-03-20 18:00 – Updated: 2024-09-16 17:58

Summary

Severity ?

No CVSS data available.

CWE

Local Privilege Escalation

Assigner

tenable

References

URL

	Vendor	Product	Version
	Tenable	Nessus	Affected: All versions prior to 7.0.3

GSD-2018-1141

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1141

Aliases

CVE-2018-1141

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1141",
    "description": "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.",
    "id": "GSD-2018-1141"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1141"
      ],
      "details": "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.",
      "id": "GSD-2018-1141",
      "modified": "2023-12-13T01:22:37.523004Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnreport@tenable.com",
        "DATE_PUBLIC": "2018-03-19T00:00:00",
        "ID": "CVE-2018-1141",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Nessus",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions prior to 7.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Tenable"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Local Privilege Escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.tenable.com/security/tns-2018-01",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2018-01"
          },
          {
            "name": "1040557",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040557"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2018-1141"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/tns-2018-01",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2018-01"
            },
            {
              "name": "1040557",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040557"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-03-20T18:29Z"
    }
  }
}

CNVD-2018-06265

Vulnerability from cnvd - Published: 2018-03-26

Title

Tenable Network Security Nessus权限提升漏洞

Description

Tenable Network Security Nessus是美国Tenable Network Security公司的一款具有较强可扩展性的开源漏洞扫描器。 Tenable Network Security Nessus中存在安全漏洞。本地攻击者可利用该漏洞提升权限。

Severity

低

Patch Name

Tenable Network Security Nessus权限提升漏洞的补丁

Patch Description

Tenable Network Security Nessus是美国Tenable Network Security公司的一款具有较强可扩展性的开源漏洞扫描器。 Tenable Network Security Nessus中存在安全漏洞。本地攻击者可利用该漏洞提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.tenable.com/security/tns-2018-01

Reference

https://www.tenable.com/security/tns-2018-01

Impacted products

Name
Tenable Network Security Nessus <7.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1141"
    }
  },
  "description": "Tenable Network Security Nessus\u662f\u7f8e\u56fdTenable Network Security\u516c\u53f8\u7684\u4e00\u6b3e\u5177\u6709\u8f83\u5f3a\u53ef\u6269\u5c55\u6027\u7684\u5f00\u6e90\u6f0f\u6d1e\u626b\u63cf\u5668\u3002\r\n\r\nTenable Network Security Nessus\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "@n0x00",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.tenable.com/security/tns-2018-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06265",
  "openTime": "2018-03-26",
  "patchDescription": "Tenable Network Security Nessus\u662f\u7f8e\u56fdTenable Network Security\u516c\u53f8\u7684\u4e00\u6b3e\u5177\u6709\u8f83\u5f3a\u53ef\u6269\u5c55\u6027\u7684\u5f00\u6e90\u6f0f\u6d1e\u626b\u63cf\u5668\u3002\r\n\r\nTenable Network Security Nessus\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Tenable Network Security Nessus\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Tenable Network Security Nessus \u003c7.0.3"
  },
  "referenceLink": "https://www.tenable.com/security/tns-2018-01",
  "serverity": "\u4f4e",
  "submitTime": "2018-03-23",
  "title": "Tenable Network Security Nessus\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

VAR-201803-1737

Vulnerability from variot - Updated: 2024-11-23 21:53

When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. Nessus Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TenableNetworkSecurityNessus is an open source vulnerability scanner with strong scalability from TenableNetworkSecurity. A security vulnerability exists in TenableNetworkSecurityNessus. A local attacker could exploit this vulnerability to increase privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1737",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nessus",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "tenable",
        "version": "7.0.3"
      },
      {
        "model": "network security nessus",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "7.0.3"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.6"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.9.3"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.9"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.0"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.5"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.8"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.4"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.7"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.3"
      },
      {
        "model": "nessus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tenable",
        "version": "6.10.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1141"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:tenable:nessus",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      }
    ]
  },
  "cve": "CVE-2018-1141",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2018-1141",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.7,
            "id": "CNVD-2018-06265",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2018-1141",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-1141",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-1141",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06265",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-702",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1141"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. Nessus Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TenableNetworkSecurityNessus is an open source vulnerability scanner with strong scalability from TenableNetworkSecurity. A security vulnerability exists in TenableNetworkSecurityNessus. A local attacker could exploit this vulnerability to increase privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1141",
        "trust": 3.0
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-01",
        "trust": 2.2
      },
      {
        "db": "SECTRACK",
        "id": "1040557",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1141"
      }
    ]
  },
  "id": "VAR-201803-1737",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:53:18.416000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[R2] Nessus 7.0.3 Fixes One Vulnerability",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2018-01"
      },
      {
        "title": "TenableNetworkSecurityNessus privilege escalation vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/123031"
      },
      {
        "title": "Tenable Network Security Nessus Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79304"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1141"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.tenable.com/security/tns-2018-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1040557"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1141"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1141"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1141"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1141"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "date": "2018-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      },
      {
        "date": "2018-03-20T18:29:00.320000",
        "db": "NVD",
        "id": "CVE-2018-1141"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06265"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      },
      {
        "date": "2024-11-21T03:59:16.447000",
        "db": "NVD",
        "id": "CVE-2018-1141"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nessus Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003374"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-702"
      }
    ],
    "trust": 0.6
  }
}

GHSA-3PMQ-RCW5-RM9V

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-20T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.",
  "id": "GHSA-3pmq-rcw5-rm9v",
  "modified": "2022-05-13T01:49:13Z",
  "published": "2022-05-13T01:49:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1141"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2018-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040557"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2018-AVI-139

Vulnerability from certfr_avis - Published: 2018-03-21 - Updated: 2018-03-21

Une vulnérabilité a été découverte dans Tenable Nessus. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus	Nessus versions antérieures à 7.0.3

References

Title

Publication Time

FKIE_CVE-2018-1141

Vulnerability from fkie_nvd - Published: 2018-03-20 18:29 - Updated: 2024-11-21 03:59

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vulnreport@tenable.com	http://www.securitytracker.com/id/1040557	Third Party Advisory, VDB Entry
vulnreport@tenable.com	https://www.tenable.com/security/tns-2018-01	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040557	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2018-01	Vendor Advisory

Impacted products

	Vendor	Product	Version
	tenable	nessus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9344A9E-78F0-4EE8-B1DC-7C3790DF5E07",
              "versionEndExcluding": "7.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location."
    },
    {
      "lang": "es",
      "value": "Al instalar Nessus en un directorio fuera de la localizaci\u00f3n por defecto, las versiones anteriores a la 7.0.3 de Nessus no aplicaban permisos seguros para los subdirectorios. Esto podr\u00eda permitir un escalado de privilegios locales si los usuarios no aseguran los directorios en la ubicaci\u00f3n de instalaci\u00f3n."
    }
  ],
  "id": "CVE-2018-1141",
  "lastModified": "2024-11-21T03:59:16.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-20T18:29:00.320",
  "references": [
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040557"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2018-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2018-01"
    }
  ],
  "sourceIdentifier": "vulnreport@tenable.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1141 (GCVE-0-2018-1141)

GSD-2018-1141

CNVD-2018-06265

VAR-201803-1737

GHSA-3PMQ-RCW5-RM9V

CERTFR-2018-AVI-139

Solution

FKIE_CVE-2018-1141

Tags

Sightings

Nomenclature