GHSA-jx4p-m4wm-vvjg

Source

https://github.com/advisories/GHSA-jx4p-m4wm-vvjg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-jx4p-m4wm-vvjg/GHSA-jx4p-m4wm-vvjg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jx4p-m4wm-vvjg

Aliases

CVE-2024-29188

Published

2024-03-25T19:42:17Z

Modified

2024-03-25T19:58:33.251291Z

Severity

7.9 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H CVSS Calculator

Summary

Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files

Details

Summary

The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories.

Details

RemoveFolderEx deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed RemoveFolderEx to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction.

Database specific

{
    "nvd_published_at": "2024-03-24T20:15:08Z",
    "cwe_ids": [
        "CWE-59"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-25T19:42:17Z"
}

References

Affected packages

NuGet / wix

Package

Name: wix; View open source insights on deps.dev
Purl: pkg:nuget/wix

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.14.1

Affected versions

3.*

3.6.0

3.6.0.1

3.7.0

3.7.0.1

3.8.0

3.8.0.1

3.9.0

3.9.0.1

3.9.2

3.9.2.1

3.10.0

3.10.0.1719-pre

3.10.0.1726-pre

3.10.0.2103-pre

3.10.0.2103-pre1

3.10.1

3.10.2

3.10.3

3.10.4

3.11.0

3.11.0.321-pre

3.11.0.504-pre

3.11.0.906-pre

3.11.0.1507-rc

3.11.0.1528-rc2

3.11.1

3.11.2

3.14.0

NuGet / wix

Package

Name: wix; View open source insights on deps.dev
Purl: pkg:nuget/wix

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.5

Affected versions

4.*

4.0.0

4.0.0.2926-pre

4.0.0.3226-pre

4.0.0.3922-pre

4.0.0.4506-pre

4.0.0.5512-pre

4.0.1

4.0.2

4.0.3

4.0.4

NuGet / WixToolset.Util.wixext

Package

Name: WixToolset.Util.wixext; View open source insights on deps.dev
Purl: pkg:nuget/WixToolset.Util.wixext

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.5

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4