CVE-2019-3567 is a vulnerability in Linux Foundation Osquery
Published on June 3, 2019
In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2019-3567 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2019-3567
Want to know whenever a new CVE is published for Linux Foundation Osquery? stack.watch will email you.
Affected Versions
Facebook osquery:- Version 3.4.0 is affected.
- Version unspecified and below 3.4.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.