Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mist vulnerable to user providing a Sudo binary for authentication checks
Vulnerability Description
Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用基本弱点进行的认证绕过
Vulnerability Title
Mist 代码问题漏洞
Vulnerability Description
Mist是makedeb开源的一个 makedeb 包存储库的官方命令行界面。 Mist 0.9.5及以前版本存在代码问题漏洞,该漏洞源于用户通过PATH 变量提供的sudo二进制文件允许本地用户以root权限在用户的系统上运行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A