CVE-2024-39934

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Common Weakness Enumeration
References
https://checkmk.com/werk/16434
https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e
https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1
https://github.com/elabit/robotmk/releases/tag/v2.0.1
https://checkmk.com/werk/16434
https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e
https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1
https://github.com/elabit/robotmk/releases/tag/v2.0.1