CVE-2020-27519

2021-04-3014:15:08

Google

osv.dev

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.

CPENameOperatorVersion
pritunl-client-electroneq1.0.1436.36
pritunl-client-electroneq1.0.1782.9
pritunl-client-electroneq1.0.1356.36
pritunl-client-electroneq1.0.2388.46
pritunl-client-electroneq1.0.1400.11
pritunl-client-electroneq1.2.2549.5
pritunl-client-electroneq1.0.1889.51
pritunl-client-electroneq1.0.1294.3
pritunl-client-electroneq1.0.2395.64
pritunl-client-electroneq1.0.2079.9

Name	Operator	Version
pritunl-client-electron	eq	1.0.1436.36
pritunl-client-electron	eq	1.0.1782.9
pritunl-client-electron	eq	1.0.1356.36
pritunl-client-electron	eq	1.0.2388.46
pritunl-client-electron	eq	1.0.1400.11
pritunl-client-electron	eq	1.2.2549.5
pritunl-client-electron	eq	1.0.1889.51
pritunl-client-electron	eq	1.0.1294.3
pritunl-client-electron	eq	1.0.2395.64
pritunl-client-electron	eq	1.0.2079.9

Rows per page:

1-10 of 901

References

github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e

github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899

github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce