Privilege Escalation Vulnerability in GNU Savane
CVE-2024-27632

8.8HIGH

Key Information:

Vendor

GNU

Vendor
CVE Published:
8 April 2024

What is CVE-2024-27632?

An identified vulnerability in GNU Savane versions up to 3.12 permits remote attackers to escalate their privileges. This exploit arises from improper handling of the form_id parameter within the form_header() function, allowing unauthorized actions that could compromise the integrity and security of the application. Effective mitigations and timely updates are essential to safeguard against potential exploitation by malicious actors.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.