Local Privilege Escalation Vulnerability in BinaryNights ForkLift 3.x

Local Privilege Escalation Vulnerability in BinaryNights ForkLift 3.x

CVE-2020-15349 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.

Learn more about our Web Application Penetration Testing UK.