Incorrect Execution-Assigned Permissions
CVE-2024-11220
Summary
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-279 - Incorrect Execution-Assigned Permissions
While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.