Vulnerability Description
Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://checkmk.com/werk/16434
- https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715
- https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1
- https://github.com/elabit/robotmk/releases/tag/v2.0.1
- https://checkmk.com/werk/16434
- https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715
- https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1
- https://github.com/elabit/robotmk/releases/tag/v2.0.1
FAQ
What is CVE-2024-39934?
CVE-2024-39934 is a vulnerability with a CVSS score of 7.8 (HIGH). Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit ...
How severe is CVE-2024-39934?
CVE-2024-39934 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39934?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.