CVE-2024-39934

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-39934

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39934.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-39934

Published

2024-07-04T19:15:10.967Z

Modified

2025-11-15T23:04:16.781257Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment.

References

Affected packages

Git / github.com/elabit/robotmk

Affected ranges

Type: GIT
Repo: https://github.com/elabit/robotmk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

78c1174ab2df43813050d0c22e1efb8636f8715e

Fixed

b4b6659cb107c69f650ab5889c2ce45d06f714e6

Affected versions

Other

stable

v2.*

v2.0.0

v2.0.0-alpha

v2.0.0-alpha-1

v2.0.0-alpha-10

v2.0.0-alpha-11

v2.0.0-alpha-12

v2.0.0-alpha-13

v2.0.0-alpha-2

v2.0.0-alpha-3

v2.0.0-alpha-4

v2.0.0-alpha-5

v2.0.0-alpha-6

v2.0.0-alpha-7

v2.0.0-alpha-8

v2.0.0-alpha-9

v2.0.0-beta-0

v2.0.0-beta-1

v2.0.0-beta-2