CVE-2024-45770

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
redhatCNA
4.4 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Debian logo
Debian Releases
Debian Product
Codename
pcp
bullseye
ignored
bookworm
no-dsa
sid
6.3.8-1
fixed
trixie
6.3.8-1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:6837
https://access.redhat.com/errata/RHSA-2024:6840
https://access.redhat.com/errata/RHSA-2024:6842
https://access.redhat.com/errata/RHSA-2024:6843
https://access.redhat.com/errata/RHSA-2024:6844
https://access.redhat.com/errata/RHSA-2024:6846
https://access.redhat.com/errata/RHSA-2024:6847
https://access.redhat.com/errata/RHSA-2024:6848
https://access.redhat.com/errata/RHSA-2024:9452
https://access.redhat.com/security/cve/CVE-2024-45770
https://bugzilla.redhat.com/show_bug.cgi?id=2310451