CVE-2020-11498 Information

Description

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user’s own context e.g. for user-level persistence or to bypass security controls. NOTE: the vendor states that this \requires a high degree of access and other preconditions that are tough to achieve.\

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosure https://github.com/slackhq/nebula/pull/191

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8