Vulnerability Description
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor states that this "requires a high degree of access and other preconditions that are tough to achieve."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Slack | Nebula | <= 1.1.0 |
Related Weaknesses (CWE)
References
- http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosExploitThird Party Advisory
- https://github.com/slackhq/nebula/pull/191PatchThird Party Advisory
- http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosExploitThird Party Advisory
- https://github.com/slackhq/nebula/pull/191PatchThird Party Advisory
FAQ
What is CVE-2020-11498?
CVE-2020-11498 is a vulnerability with a CVSS score of 8.8 (HIGH). Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can ...
How severe is CVE-2020-11498?
CVE-2020-11498 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11498?
Check the references section above for vendor advisories and patch information. Affected products include: Slack Nebula.