CVE-2017-18284Incorrect Permission Assignment in Project Burp

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 90.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Burp Project BurpDebian Burp
Timeline
PublishedJun 4
Latest updateMay 13

Description

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDburp_project/burp< 2.1.32
debiandebian/burp

🔴Vulnerability Details

1
GHSA
GHSA-5h58-h48w-w3q5: The Gentoo app-backup/burp package before 22022-05-13

📋Vendor Advisories

1
Debian
CVE-2017-18284: burp - The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID f...2017