GHSA-q623-2j2j-23jj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q623-2j2j-23jj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-q623-2j2j-23jj/GHSA-q623-2j2j-23jj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q623-2j2j-23jj
- Aliases
- Published
- 2024-07-29T06:30:24Z
- Modified
- 2024-08-02T16:05:52.213967Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Summary
- RaspAP allows an attacker to escalate privileges
- Details
-
RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.
- Database specific
{ "github_reviewed_at": "2024-07-29T17:01:23Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-269", "CWE-77" ], "github_reviewed": true, "nvd_published_at": "2024-07-29T06:15:02Z" }- References
Affected packages
Packagist / billz/raspap-webgui
Package
- Name
- billz/raspap-webgui
- Purl
- pkg:composer/billz/raspap-webgui
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.1.4
Affected versions
1.*
1.0
2.*
2.4.1
2.5
2.5.1
2.5.2
2.6-beta
2.6
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
3.*
3.0-beta
3.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4