CVE-2020-7358
MEDIUMAppSpider < 7.2.126 - Uncontrolled Search Path Element via Executable Placement
Title source: llmDescription
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126
Scores
CVSS v3
5.8
EPSS
0.0029
EPSS Percentile
20.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Details
CWE
CWE-427
Status
published
Products (1)
rapid7/appspider
< 7.2.126
Published
Sep 18, 2020
Tracked Since
Feb 18, 2026