nvd-json-data-feeds/CVE-2024/CVE-2024-131xx/CVE-2024-13177.json

{
  "id": "CVE-2024-13177",
  "sourceIdentifier": "psirt@netskope.com",
  "published": "2025-04-15T16:15:21.903",
  "lastModified": "2025-04-15T18:39:27.967",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306."
    },
    {
      "lang": "es",
      "value": "Netskope Client en Mac OS se ve afectado por una vulnerabilidad en la que el script de postinstalaci\u00f3n no valida correctamente la ruta del archivo \"nsinstallation\". Un usuario est\u00e1ndar podr\u00eda crear un enlace simb\u00f3lico al archivo \"nsinstallation\" para escalar los privilegios de otro archivo del sistema. Este problema afecta a los clientes Netskope anteriores a la versi\u00f3n 123.0, 117.1.11.2310 y 120.1.10.2306."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "psirt@netskope.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "subAvailabilityImpact": "HIGH",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@netskope.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-610"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation",
      "source": "psirt@netskope.com"
    }
  ]
}
Auto-Update: 2025-04-15T18:00:21.112080+00:00 2025-04-15 18:04:22 +00:00			`{`
			`"id": "CVE-2024-13177",`
			`"sourceIdentifier": "psirt@netskope.com",`
			`"published": "2025-04-15T16:15:21.903",`
Auto-Update: 2025-04-15T20:00:20.387449+00:00 2025-04-15 20:04:25 +00:00			`"lastModified": "2025-04-15T18:39:27.967",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2025-04-15T18:00:21.112080+00:00 2025-04-15 18:04:22 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306."`
Auto-Update: 2025-04-20T02:01:32.812855+00:00 2025-04-20 02:05:18 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Netskope Client en Mac OS se ve afectado por una vulnerabilidad en la que el script de postinstalaci\u00f3n no valida correctamente la ruta del archivo \"nsinstallation\". Un usuario est\u00e1ndar podr\u00eda crear un enlace simb\u00f3lico al archivo \"nsinstallation\" para escalar los privilegios de otro archivo del sistema. Este problema afecta a los clientes Netskope anteriores a la versi\u00f3n 123.0, 117.1.11.2310 y 120.1.10.2306."`
Auto-Update: 2025-04-15T18:00:21.112080+00:00 2025-04-15 18:04:22 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV40": [`
			`{`
			`"source": "psirt@netskope.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "4.0",`
			`"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",`
			`"baseScore": 5.2,`
			`"baseSeverity": "MEDIUM",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "HIGH",`
			`"attackRequirements": "NONE",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"vulnConfidentialityImpact": "NONE",`
			`"vulnIntegrityImpact": "NONE",`
			`"vulnAvailabilityImpact": "NONE",`
			`"subConfidentialityImpact": "HIGH",`
			`"subIntegrityImpact": "HIGH",`
			`"subAvailabilityImpact": "HIGH",`
			`"exploitMaturity": "NOT_DEFINED",`
			`"confidentialityRequirement": "NOT_DEFINED",`
			`"integrityRequirement": "NOT_DEFINED",`
			`"availabilityRequirement": "NOT_DEFINED",`
			`"modifiedAttackVector": "NOT_DEFINED",`
			`"modifiedAttackComplexity": "NOT_DEFINED",`
			`"modifiedAttackRequirements": "NOT_DEFINED",`
			`"modifiedPrivilegesRequired": "NOT_DEFINED",`
			`"modifiedUserInteraction": "NOT_DEFINED",`
			`"modifiedVulnConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedVulnIntegrityImpact": "NOT_DEFINED",`
			`"modifiedVulnAvailabilityImpact": "NOT_DEFINED",`
			`"modifiedSubConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedSubIntegrityImpact": "NOT_DEFINED",`
			`"modifiedSubAvailabilityImpact": "NOT_DEFINED",`
			`"Safety": "NOT_DEFINED",`
			`"Automatable": "NOT_DEFINED",`
			`"Recovery": "NOT_DEFINED",`
			`"valueDensity": "NOT_DEFINED",`
			`"vulnerabilityResponseEffort": "NOT_DEFINED",`
			`"providerUrgency": "NOT_DEFINED"`
			`}`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "psirt@netskope.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-610"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation",`
			`"source": "psirt@netskope.com"`
			`}`
			`]`
			`}`