The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent malicious users to bypass intended filesystem restrictions by leveraging access to a GroundWork script.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gwos groundwork monitor 6.7.0 |