CVE-2020-27977

High

7.8/10

Summary

CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Nov 09, 2020

CVE-2020-27977

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS