CVE-2024-39934 Information

Description

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g. to SYSTEM) if automated Python environment setup is enabled because the \shared holotree usage\ feature allows any user to edit any Python environment.

Reference

https://github.com/elabit/robotmk/releases/tag/v2.0.1 https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e https://checkmk.com/werk/16434 https://github.com/elabit/robotmk/compare/v2.0.0…v2.0.1