CVE-2020-13095

Severity CVSS v4.0:
Pending analysis
Type:
CWE-59 Link Following
Publication date:
30/06/2020
Last modified:
07/11/2023

Description

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:obdev:little_snitch:*:*:*:*:*:*:*:* 4.5.1 (including)


References to Advisories, Solutions, and Tools