CVE-2023-28144
HIGH
KDAB Hotspot 1.3.0-1.4.1 - Privilege Escalation via Symlink Race Condition
Title source: llmDescription
KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.
References (2)
Core References
Release Notes
https://github.com/KDAB/hotspot/releases
Exploit, Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/03/14/8
Scores
CVSS v3
7.0
EPSS
0.0029
EPSS Percentile
20.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-362
Status
published
Products (1)
kdab/hotspot
1.3.0 - 1.4.1
Published
Mar 14, 2023
Tracked Since
Feb 18, 2026