Nixpkgs security tracker
Dismissed
Permalink
CVE-2022-50931
8.4 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @Scrumplex Activity log
- Created suggestion
- @Scrumplex dismissed
TeamSpeak 3.5.6 - Insecure File Permissions
TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.
References
-
ExploitDB-50743 exploit
-
TeamSpeak Downloads Page product
-
VulnCheck Advisory: TeamSpeak 3.5.6 - Insecure File Permissions third-party-advisory
Affected products
TeamSpeak
- ==3.5.6
Matching in nixpkgs
pkgs.teamspeak3
TeamSpeak voice communication tool
pkgs.teamspeak_server
TeamSpeak voice communication server
pkgs.teamspeak6-client
TeamSpeak voice communication tool (beta version)
-
nixos-unstable 6.0.0-beta3.2
- nixpkgs-unstable 6.0.0-beta3.4
- nixos-unstable-small 6.0.0-beta3.4
Package maintainers
-
@nathanielbaxter Nathaniel Baxter <nathaniel.baxter@gmail.com>
-
@lukegb Luke Granger-Brown <nix@lukegb.com>
-
@Atemu Atemu <nixpkgs@mail.atemu.net>
-
@jojosch Johannes Schleifenbaum <johannes@js-webcoding.de>
-
@drafolin Dråfølin <derg@drafolin.ch>
-
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>
-
@Shados Alexei Robyn <shados@shados.net>
-
@Gerschtli Tobias Happ <tobias.happ@gmx.de>