CVE-2019-17080
Published: 2019-10-02
Priority P3 50, high, 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 8.20% (94.2th percentile)
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linuxmint | mintinstall | — | — |
CVSS provenance
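| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |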
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/154722/mintinstall-7.9.9-Code-Execution.html
https://forums.linuxmint.com/viewtopic.php?f=143&t=302960
https://github.com/Andhrimnirr/Mintinstall-object-injection
https://github.com/linuxmint/mintinstall/blob/master/debian/changelog