Home
MEDIUM: 5.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:HDefault status
unaffected
Any version before 123.0
affected
Any version before 117.1.11.2310
affected
Any version before 120.1.10.2306
affected
Description
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.
Problem types
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
Product status
Any version before 123.0
Any version before 117.1.11.2310
Any version before 120.1.10.2306
Credits
Max Keasley
References
support.netskope.com/...lity-leading-to-privilege-escalation