Libvirt Slaves Plugin provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of an attack to capture the credentials using another vulnerability.
Tag: Improper Permissions
ASA-2019-00610 – Jenkins ElasticBox Kubernetes CI/CD Plugin: Users with Overall/Read access could enumerate credential IDs
ElasticBox Jenkins Kubernetes CI/CD Plugin provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of an attack to capture the credentials using another vulnerability.
ASA-2019-00341 – Intel ITE Tech Consumer Infrared Driver: Improper permissions in the installer
Improper permissions in the installer for the ITE Tech Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
ASA-2019-00340 – Intel Chipset Device Software: Improper permissions in the installer
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.
ASA-2019-00336 – Intel Turbo Boost Max Technology: Improper permissions in the installer
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
ASA-2019-00335 – Intel Omni-Path Fabric Manager GUI: Improper permissions in the installer
Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local attack.
ASA-2019-00142 – Intel: Improper permissions in Intel Matrix Storage Manager
Improper permissions in Intel Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
ASA-2019-00140 – Intel: Improper permissions for Intel USB 3.0 Creator Utility
Improper permissions for Intel USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.