vulnerability

Ubuntu: USN-6933-1 (CVE-2021-41388): ClickHouse vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Jan 4, 2022	Aug 12, 2024	Oct 23, 2024

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Jan 4, 2022

Added

Aug 12, 2024

Modified

Oct 23, 2024

Description

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.

Solution(s)

ubuntu-upgrade-clickhouse-commonubuntu-upgrade-clickhouse-serverubuntu-upgrade-clickhouse-tools

References

CVE-2021-41388
https://attackerkb.com/topics/CVE-2021-41388
UBUNTU-USN-6933-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today