CVE-2023-40361 Information

Description

SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh which is executed by the root user.

Reference

https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md