| Title | Kylin OS privilege escalation vulnerability |
|---|
| Description | #Describe
The kylin-activation package is a component used by Kylin OS for authorization verification and activation. The software package does not strictly restrict the legality of the import file operation, so the directory where the system configuration file is located is imported into an illegal configuration file, resulting in the elevation of local privileges of ordinary users.
#Hazard level
High
#Affected version
Desktop:kylin-activation < 1.3.11-23
Server:kylin-activation < 1.30.10-5.p23 |
|---|
| Source | ⚠️ https://github.com/i900008/vulndb/blob/main/kylin-activation_vuln.md |
|---|
| User | Set3r.Pan (UID 28571) |
|---|
| Submission | 02/24/2023 02:50 (3 years ago) |
|---|
| Moderation | 03/03/2023 07:56 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222260 [KylinSoft kylin-activation prior 1.3.11-23/1.30.10-5.p23 on KylinOS File Import improper authorization] |
|---|
| Points | 20 |
|---|