According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability? An authenticated attacker must wait for a victim user to initiate a connection. What privileges could an attacker gain with a successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.
Felix Boulet with <a href="https://www.cyber.gouv.qc.ca/">Centre gouvernemental de cyberdéfense (CGCD)</a>, Mathieu Fiore Laroche with <a href="https://www.cyber.gouv.qc.ca/">Centre gouvernemental de cyberdéfense (CGCD)</a>