How severe is CVE-2020-15145?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2020-15145?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2020-15145 - HIGH Severity | CVSS 8.2

Vulnerability Description

In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:\ProgramData\ComposerSetup\bin\composer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:\ProgramData\ComposerSetup\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability.

Related Vulnerabilities

CVE-2020-12118

HIGH

CVSS:8.2(High)

The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from...

CWE-2762020

CVE-2021-44905

HIGH

CVSS:8.2(High)

Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.

CWE-2762021

CVE-2022-29178

HIGH

CVSS:8.2(High)

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorr...

CWE-2762022

CVE-2022-4020

HIGH

CVSS:8.2(High)

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

CWE-2762022

CVE-2024-20005

HIGH

CVSS:8.2(High)

In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed...

CWE-2762024

CVE-2024-45067

MEDIUM

CVSS:8.2(High)

Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-2762024