Local Privilege Escalation Vulnerability in Enlightenment by Enlightenment Foundation
CVE-2014-1845

7.8HIGH

Key Information:

Vendor
Enlightenment
Status
Enlightenment
Vendor
CVE Published:
27 April 2018

Summary

A vulnerability in the Enlightenment window manager prior to version 0.17.6 allows local users to execute a setuid root helper without proper environment sanitization. This oversight can be exploited to gain elevated privileges, potentially compromising system integrity and security. Users of affected versions are advised to upgrade to mitigate the risk associated with unauthorized access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/91216
vdb-entryx_refsource_XF
https://git.enlightenment.org/core/enlightenment.git/comm...
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1059410
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-1845 : Local Privilege Escalation Vulnerability in Enlightenment by Enlightenment Foundation | SecurityVulnerability.io