CVE-2024-7062 Information

Description

Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.

Reference

https://pentraze.com/vulnerability-reports/CVE-2024-7062/
