CVE-2019-15119
MEDIUMEhang-io Nps < 0.23.2 - Incorrect Permission Assignment
Title source: ruleDescription
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/cnlh/nps/issues/176
Patch, Third Party Advisory x_refsource_misc
https://github.com/cnlh/nps/commit/7178b3380720e910d283036a8d39879a94105515
Scores
CVSS v3
5.5
EPSS
0.0009
EPSS Percentile
25.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-732
Status
published
Products (2)
ehang-io/nps
< 0.23.2
ehang.io/nps
0 - 0.23.2Go
Published
Aug 16, 2019
Tracked Since
Feb 18, 2026