CVE-2024-45770

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45770
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45770.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45770
Related
Published
2024-09-19T09:15:02Z
Modified
2024-11-12T19:05:02.066453Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

References

Affected packages

Debian:11 / pcp

Package

Name
pcp
Purl
pkg:deb/debian/pcp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.2.6-1
5.3.0-1
5.3.1-1
5.3.2-1
5.3.3-1
5.3.4-1
5.3.5-1
5.3.6-1
5.3.7-1

6.*

6.0.0-1
6.0.0-1.1
6.0.1-1
6.0.2-1
6.0.3-1
6.0.3-1.1
6.0.5-1
6.1.0-1
6.1.1-1
6.2.0-1
6.2.0-1.1~exp1
6.2.0-1.1
6.2.1-1
6.2.2-1
6.3.0-1
6.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pcp

Package

Name
pcp
Purl
pkg:deb/debian/pcp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.3-1.1
6.0.5-1
6.1.0-1
6.1.1-1
6.2.0-1
6.2.0-1.1~exp1
6.2.0-1.1
6.2.1-1
6.2.2-1
6.3.0-1
6.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}