The Code42 app prior to 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
code42 code42 |