Users can restore files to locations they do not have write access to
Overview
This article provides details about a security vulnerability in the Code42 app.
Description
An attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.
Affected versions
Code42 app 6.9.1 and earlier
Resolution
This vulnerability has been fixed in Code42 app version 6.9.2 or later. To remediate this vulnerability, upgrade the Code42 apps in your environment.
CVE details
| CVE ID | CVE-2019-11551 |
|---|---|
| Date published | August 19, 2019 |
| Number of vulnerabilities | 1 |
| Products | Code42 for Enterprise and CrashPlan for Small Business |
| Affected product versions |
Client version 6.9.1 and earlier |
| Vulnerability type | Incorrect Access Control |
| Attack type | Local |
| Impact | Escalation of privileges |
| Affected components | CrashPlan service |
| Attack vectors | An attacker can overwrite or restore files to locations they do not have write privileges to. This can be accomplished via API or via the User Interface. |
| Description of the vulnerability | When Code42 restores a file, it restores the file as the context of the Code42 service which is running as root, instead of the context of the user who launched the user interface. This only affects you if you are running a system installed CrashPlan, not a user installed CrashPlan. An attacker can craft a restore request to restore a file through CrashPlan to a location they do not have privileges to write. |
Other Code42 resources
- Code42: Security