Vulnerability Description
Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sensu | Sensu Core | < 1.4.2-3 |
Related Weaknesses (CWE)
References
- https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2Vendor Advisory
- https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2Vendor Advisory
FAQ
What is CVE-2018-1000209?
CVE-2018-1000209 is a vulnerability with a CVSS score of 8.8 (HIGH). Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context...
How severe is CVE-2018-1000209?
CVE-2018-1000209 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000209?
Check the references section above for vendor advisories and patch information. Affected products include: Sensu Sensu Core.