CVE-2023-3972
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-3972: A vulnerability was discovered in the insights-client software. This issue allows an unprivileged user or attacker to create a directory (/var/tmp/insights-client) with dangerous permissions before the insights-client is registered by the root user. Once registered, the attacker can manipulate the directory's content, placing malicious scripts that will be executed as root, bypassing SELinux protections. This vulnerability stems from insecure file operations and unsafe handling of temporary files and directories, leading to local privilege escalation.
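An added example, not part of the original entry and not insights-client's own code: a defender-side audit for the condition described above, reporting whether /var/tmp/insights-client or anything beneath it is a symlink, is owned by an account other than root, or is group/world-writable. The names `audit_dir`, `trusted_uid` and `demo` are assumptions, and the demo directory is constructed sample data.

```python
import os
import stat
import tempfile

# Path taken from the CVE summary; all other names here are assumptions.
INSIGHTS_TMP = "/var/tmp/insights-client"


def audit_dir(path, trusted_uid=0):
    """Return (path, reason) findings for `path` and everything beneath it."""
    findings = []

    def check(p):
        st = os.lstat(p)  # lstat so a symlink is inspected, not followed
        if stat.S_ISLNK(st.st_mode):
            findings.append((p, "symlink"))
            return
        if st.st_uid != trusted_uid:
            findings.append((p, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((p, f"group/world-writable ({stat.S_IMODE(st.st_mode):04o})"))

    if not os.path.lexists(path):
        return findings  # nothing pre-created, nothing to report
    check(path)
    if os.path.isdir(path) and not os.path.islink(path):
        for root, dirs, files in os.walk(path, followlinks=False):
            for name in dirs + files:
                check(os.path.join(root, name))
    return findings


def demo():
    """Constructed sample: a world-writable directory, then the same one locked down."""
    me = os.getuid()  # stands in for root so the demo runs unprivileged
    with tempfile.TemporaryDirectory() as base:
        bad = os.path.join(base, "insights-client")
        os.mkdir(bad)
        os.chmod(bad, 0o777)
        open(os.path.join(bad, "sample.sh"), "w").close()
        before = audit_dir(bad, trusted_uid=me)
        os.chmod(bad, 0o700)
        after = audit_dir(bad, trusted_uid=me)
    return before, after


if __name__ == "__main__":
    for path, reason in audit_dir(INSIGHTS_TMP):
        print(f"{path}: {reason}")
```

Any finding on a host where insights-client has not yet been registered means the directory was created by something other than the client running as root and should be investigated before registration.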
Affected Products
- Red Hat Enterprise Linux
- Red Hat Enterprise Linux for IBM Z Systems
- Red Hat Enterprise Linux Server
Affected Vendors
- Red Hat