CVE-2024-6141

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6141

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6141.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6141

Published

2024-08-21T17:15:09.660Z

Modified

2025-11-20T12:31:37.695739Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the Windscribe Service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23441.

References

Affected packages

Git / github.com/windscribe/desktop-app

Affected ranges

Type: GIT
Repo: https://github.com/windscribe/desktop-app
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

bc84faf99c5f08b4b6b310fadf9a40eaadbdb771

Affected versions

v2.*

v2.3.15

v2.4.1

v2.4.11

v2.6.14

v2.7.14

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6141.json"