SB2023020752 - Privilege escalation in Grunt
Published: February 7, 2023
Security Bulletin ID
SB2023020752
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) UNIX symbolic link following (CVE-ID: CVE-2022-1537)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to the GruntJS user's .bashrc file and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
Remediation
Install update from vendor's website.