CVE-2020-11498

Published: Apr 2, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor states that this "requires a high degree of access and other preconditions that are tough to achieve."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/slackhq/nebula/pull/191

x_refsource_MISC

http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosure

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11498

Description

Affected Products

References