CVE-2023-41969UNIX Symbolic Link (Symlink) Following in Client Connector

CWE-61UNIX Symbolic Link (Symlink) FollowingCWE-59Link Following3 documents3 sources
Severity
7.1HIGHNVD
CNA7.3
EPSS
0.1%
top 73.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zscaler Client Connector
Timeline
PublishedMar 26

Description

An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5zscaler/client_connector< 4.3.0

🔴Vulnerability Details

2
GHSA
GHSA-vrpp-jrqv-4gj2: An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access2024-03-26
CVEList
ZSATrayManager Arbitrary File Deletion2024-03-26
CVE-2023-41969 — UNIX Symbolic Link (Symlink) Following | cvebase