CVE Vulnerabilities

CVE-2013-2012

Improper Privilege Management

Published: Oct 31, 2019 | Modified: Aug 18, 2020
CVSS 3.x
7.3
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.

Weakness

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Autojump Autojump_project * *
Autojump Ubuntu oneiric *
Autojump Ubuntu precise *
Autojump Ubuntu quantal *
Autojump Ubuntu raring *
Autojump Ubuntu saucy *

Potential Mitigations

References