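Vulnerability title
N/A
Vulnerability description
As part of our Security Development Lifecycle, we internally identified a potential privilege escalation issue. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes. While the probability of successful exploitation is low, Tenable is committed to securing our customers' environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.
CVSS information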
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.
CVSS information
N/A
Vulnerability category
N/A
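Vulnerability title
Tenable.Sc security vulnerability
Vulnerability description
Tenable Network Security Tenable.Sc is a vulnerability analysis solution from Tenable Network Security, a US company. The product supports real-time vulnerability assessment and management, among other functions. Tenable products contain a security vulnerability that stems from allowing an attacker with sufficient permissions to modify environment variables and abuse an affected plugin to escalate privileges. The following products are affected: tenable.io, tenable.sc, Nessus.
CVSS information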
N/A
Vulnerability category
Other