CVE-2020-27519: Improper Privilege Management

April 30, 2021 (updated May 11, 2021)

Pritunl Client contains a local privilege escalation vulnerability in the pritunl-service component. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM by providing malicious openvpn configurations.

References

nvd.nist.gov/vuln/detail/CVE-2020-27519

Detect and mitigate CVE-2020-27519 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →