Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code, as twcloud. This product was previous named Cameo Enterprise Data Warehouse (CEDW).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
No Magic TeamworkCloud 安全漏洞
Vulnerability Description
No Magic TeamworkCloud是美国No Magic公司的一款协作开发和版本模型存储的存储管理软件。该软件提供基于Web的管理界面,提供管理用户帐户,访问控制,LDAP集成,安全连接和项目配置等功能。可部署于云端、本地硬件。 No Magic TeamworkCloud 18.0版本至19.0版本存在安全漏洞,该漏洞源于etc环境的权限分配错误(chmod 777),允许任何本地非特权用户写入etc环境。攻击者可利用该漏洞可以通过向该文件写入任意代码逐步升级到root,这些代码将在下一次登录
CVSS Information
N/A
Vulnerability Type
N/A