Vulnerability Details CVE-2024-7062
Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.7%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-7062
-
cpe:2.3:a:mikekazakov:nimble_commander:-
-
cpe:2.3:a:mikekazakov:nimble_commander:1.0.9
-
cpe:2.3:a:mikekazakov:nimble_commander:1.1.3
-
cpe:2.3:a:mikekazakov:nimble_commander:1.1.5
-
cpe:2.3:a:mikekazakov:nimble_commander:1.2.0
-
cpe:2.3:a:mikekazakov:nimble_commander:1.2.1
-
cpe:2.3:a:mikekazakov:nimble_commander:1.2.3
-
cpe:2.3:a:mikekazakov:nimble_commander:1.2.4
-
cpe:2.3:a:mikekazakov:nimble_commander:1.2.5
-
cpe:2.3:a:mikekazakov:nimble_commander:1.2.6
-
cpe:2.3:a:mikekazakov:nimble_commander:1.2.7
-
cpe:2.3:a:mikekazakov:nimble_commander:1.2.9
-
cpe:2.3:a:mikekazakov:nimble_commander:1.3.0
-
cpe:2.3:a:mikekazakov:nimble_commander:1.5.0
-
cpe:2.3:a:mikekazakov:nimble_commander:1.6.0
-
cpe:2.3:o:apple:macos:-