CVE-2019-13013
MEDIUMLittle Snitch 4.3.0-4.3.2 - Unauthenticated Local Privilege Escalation via XPC Interface
Title source: llmDescription
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://obdev.at/cve/2019-13013-OSv2mEFD3z.html
Scores
CVSS v3
5.5
EPSS
0.0030
EPSS Percentile
22.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-264
CWE-862
Status
published
Products (1)
obdev/little_snitch
4.3.0 - 4.3.2
Published
Aug 23, 2019
Tracked Since
Feb 18, 2026