CVE-2023-40361

EUVD-2023-44932
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
secudosqiata
4.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md
https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md