Privilege Escalation Vulnerability in Rapid7 Minerva Armor
CVE-2024-0394
Currently unrated
What is CVE-2024-0394?
The Rapid7 Minerva Armor software before version 4.5.5 contains a vulnerability that allows authenticated attackers to escalate their privileges, potentially leading to the execution of arbitrary code with SYSTEM privileges. This issue arises from the insecure implementation of OpenSSL's OPENSSLDIR parameter, which points to a location that low-privileged users can access. Users are strongly encouraged to upgrade to version 4.5.5 or later to mitigate this security risk.