CVE-2023-26603 - JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. Th

CVE-2023-26603

Summary

JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer.

References

https://community.jumpcloud.com/t5/jumpcloud-product-news/bd-p/releases
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0003.md

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

29-04-2024 - 12:42

Published

26-04-2024 - 20:15

Last modified

29-04-2024 - 12:42