Improper Ownership Management

CVE-2024-39755

High

7.8/10

Summary

A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-282 - Improper Ownership Management

The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

References

Advisory Timeline

Published Oct 03, 2024

Improper Ownership Management

CVE-2024-39755

Summary

CWE-282 - Improper Ownership Management

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS