Nixpkgs security tracker

Untriaged

Permalink CVE-2021-47863

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 4 months ago Activity log

Created suggestion 4 months ago

MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path

MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.

References

ExploitDB-49694 exploit
MacPaw Encrypto Official Homepage product
VulnCheck Advisory: MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path third-party-advisory

Affected products

Encrypto

==1.0.1

Matching in nixpkgs

pkgs.opencryptoki

PKCS#11 implementation for Linux

nixos-unstable 3.25.0
- nixpkgs-unstable 3.25.0
- nixos-unstable-small 3.25.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.opencryptoki