CVE-2020-11498
Severity: HIGH
Slack Nebula < 1.1.0 - Path Traversal and Arbitrary Code Execution via tun_darwin.go or tun_windows.go
Title source: llmDescription
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor states that this "requires a high degree of access and other preconditions that are tough to achieve."
References (2)
- Patch, Third Party Advisory (x_refsource_misc): https://github.com/slackhq/nebula/pull/191
- Exploit, Third Party Advisory (x_refsource_misc): http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosure
Scores
CVSS v3: 8.8
EPSS: 0.0340
EPSS Percentile: 87.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-22
Status: published
Products (1): slack/nebula < 1.1.0
Published: Apr 02, 2020
Tracked Since: Feb 18, 2026