CVE-2019-13013

MEDIUM

Little Snitch 4.3.0-4.3.2 - Unauthenticated Local Privilege Escalation via XPC Interface

Title source: llm
STIX 2.1

Description

Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.

References (1)

Core 1
Core References
Various Sources x_refsource_misc
https://obdev.at/cve/2019-13013-OSv2mEFD3z.html

Scores

CVSS v3 5.5
EPSS 0.0030
EPSS Percentile 22.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-264 CWE-862
Status published
Products (1)
obdev/little_snitch 4.3.0 - 4.3.2
Published Aug 23, 2019
Tracked Since Feb 18, 2026