Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by pritunl
CVE-2025-43917 (GCVE-0-2025-43917)
Vulnerability from cvelistv5 – Published: 2025-04-19 00:00 – Updated: 2025-04-21 15:13
VLAI
Summary
In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as root.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pritunl | Pritunl-Client |
Affected:
0 , < 1.3.4220.57
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T15:13:35.757442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T15:13:55.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pritunl-Client",
"vendor": "Pritunl",
"versions": [
{
"lessThan": "1.3.4220.57",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pritunl:pritunl-client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.4220.57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as root."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T18:53:53.085Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.pritunl.com/t/pritunl-client-v1-3-4220-57/3183"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-43917",
"datePublished": "2025-04-19T00:00:00.000Z",
"dateReserved": "2025-04-19T00:00:00.000Z",
"dateUpdated": "2025-04-21T15:13:55.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25372 (GCVE-0-2022-25372)
Vulnerability from cvelistv5 – Published: 2022-02-20 19:17 – Updated: 2024-08-03 04:36
VLAI
Summary
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://rhinosecuritylabs.com/penetration-testing… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:07.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T11:56:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"name": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25372",
"datePublished": "2022-02-20T19:17:02.000Z",
"dateReserved": "2022-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:07.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27519 (GCVE-0-2020-27519)
Vulnerability from cvelistv5 – Published: 2021-04-30 13:16 – Updated: 2024-08-04 16:18
VLAI
Summary
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T13:16:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27519",
"datePublished": "2021-04-30T13:16:08.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:44.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25989 (GCVE-0-2020-25989)
Vulnerability from cvelistv5 – Published: 2020-11-19 20:51 – Updated: 2024-08-04 15:49
VLAI
Summary
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vkas-afk.github.io/vuln-disclosures/ | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_CONFIRM |
Date Public
2020-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:06.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T20:51:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vkas-afk.github.io/vuln-disclosures/",
"refsource": "MISC",
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25989",
"datePublished": "2020-11-19T20:51:35.000Z",
"dateReserved": "2020-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:06.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25200 (GCVE-0-2020-25200)
Vulnerability from cvelistv5 – Published: 2020-10-01 17:36 – Updated: 2024-11-18 16:02 Disputed
VLAI
Summary
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://pritunl.com | x_refsource_MISC |
| https://pritunl.com/security | x_refsource_MISC |
| https://github.com/lukaszstu/pritunl/blob/master/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:04.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pritunl.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pritunl.com/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-24T16:14:46.904203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:02:31.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T21:53:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pritunl.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pritunl.com/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pritunl.com",
"refsource": "MISC",
"url": "https://pritunl.com"
},
{
"name": "https://pritunl.com/security",
"refsource": "MISC",
"url": "https://pritunl.com/security"
},
{
"name": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200",
"refsource": "MISC",
"url": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25200",
"datePublished": "2020-10-01T17:36:58.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2024-11-18T16:02:31.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7064 (GCVE-0-2016-7064)
Vulnerability from cvelistv5 – Published: 2020-07-21 16:56 – Updated: 2024-08-06 01:50
VLAI
Summary
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage
Severity
No CVSS data available.
CWE
- CWE-347 - >CWE-200
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lf.lc/CVE-2016-7064.txt | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | pritunl-client-electron |
Affected:
1.0.1116.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:46.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lf.lc/CVE-2016-7064.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pritunl-client-electron",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.1116.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347-\u003eCWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T16:56:29.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lf.lc/CVE-2016-7064.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pritunl-client-electron",
"version": {
"version_data": [
{
"version_value": "1.0.1116.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347-\u003eCWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lf.lc/CVE-2016-7064.txt",
"refsource": "MISC",
"url": "https://lf.lc/CVE-2016-7064.txt"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7064",
"datePublished": "2020-07-21T16:56:29.000Z",
"dateReserved": "2016-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:46.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7063 (GCVE-0-2016-7063)
Vulnerability from cvelistv5 – Published: 2020-07-21 16:52 – Updated: 2024-08-06 01:50
VLAI
Summary
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation.
Severity
No CVSS data available.
CWE
- CWE-22 - >CWE-73
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://lf.lc/CVE-2016-7063.txt | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | pritunl-client-electron |
Affected:
1.0.1116.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lf.lc/CVE-2016-7063.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pritunl-client-electron",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.1116.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22-\u003eCWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T16:58:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lf.lc/CVE-2016-7063.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pritunl-client-electron",
"version": {
"version_data": [
{
"version_value": "1.0.1116.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22-\u003eCWE-73"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6,",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6,"
},
{
"name": "https://lf.lc/CVE-2016-7063.txt",
"refsource": "MISC",
"url": "https://lf.lc/CVE-2016-7063.txt"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7063",
"datePublished": "2020-07-21T16:52:17.000Z",
"dateReserved": "2016-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:47.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43917 (GCVE-0-2025-43917)
Vulnerability from nvd – Published: 2025-04-19 00:00 – Updated: 2025-04-21 15:13
VLAI
Summary
In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as root.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pritunl | Pritunl-Client |
Affected:
0 , < 1.3.4220.57
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T15:13:35.757442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T15:13:55.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pritunl-Client",
"vendor": "Pritunl",
"versions": [
{
"lessThan": "1.3.4220.57",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pritunl:pritunl-client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.4220.57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as root."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T18:53:53.085Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.pritunl.com/t/pritunl-client-v1-3-4220-57/3183"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-43917",
"datePublished": "2025-04-19T00:00:00.000Z",
"dateReserved": "2025-04-19T00:00:00.000Z",
"dateUpdated": "2025-04-21T15:13:55.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25372 (GCVE-0-2022-25372)
Vulnerability from nvd – Published: 2022-02-20 19:17 – Updated: 2024-08-03 04:36
VLAI
Summary
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://rhinosecuritylabs.com/penetration-testing… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:07.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T11:56:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b"
},
{
"name": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25372",
"datePublished": "2022-02-20T19:17:02.000Z",
"dateReserved": "2022-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:07.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27519 (GCVE-0-2020-27519)
Vulnerability from nvd – Published: 2021-04-30 13:16 – Updated: 2024-08-04 16:18
VLAI
Summary
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T13:16:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27519",
"datePublished": "2021-04-30T13:16:08.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:44.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25989 (GCVE-0-2020-25989)
Vulnerability from nvd – Published: 2020-11-19 20:51 – Updated: 2024-08-04 15:49
VLAI
Summary
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vkas-afk.github.io/vuln-disclosures/ | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_CONFIRM |
Date Public
2020-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:06.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T20:51:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vkas-afk.github.io/vuln-disclosures/",
"refsource": "MISC",
"url": "https://vkas-afk.github.io/vuln-disclosures/"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d",
"refsource": "CONFIRM",
"url": "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25989",
"datePublished": "2020-11-19T20:51:35.000Z",
"dateReserved": "2020-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:06.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25200 (GCVE-0-2020-25200)
Vulnerability from nvd – Published: 2020-10-01 17:36 – Updated: 2024-11-18 16:02 Disputed
VLAI
Summary
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://pritunl.com | x_refsource_MISC |
| https://pritunl.com/security | x_refsource_MISC |
| https://github.com/lukaszstu/pritunl/blob/master/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:04.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pritunl.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pritunl.com/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-24T16:14:46.904203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:02:31.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T21:53:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pritunl.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pritunl.com/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pritunl.com",
"refsource": "MISC",
"url": "https://pritunl.com"
},
{
"name": "https://pritunl.com/security",
"refsource": "MISC",
"url": "https://pritunl.com/security"
},
{
"name": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200",
"refsource": "MISC",
"url": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25200",
"datePublished": "2020-10-01T17:36:58.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2024-11-18T16:02:31.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7064 (GCVE-0-2016-7064)
Vulnerability from nvd – Published: 2020-07-21 16:56 – Updated: 2024-08-06 01:50
VLAI
Summary
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage
Severity
No CVSS data available.
CWE
- CWE-347 - >CWE-200
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lf.lc/CVE-2016-7064.txt | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | pritunl-client-electron |
Affected:
1.0.1116.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:46.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lf.lc/CVE-2016-7064.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pritunl-client-electron",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.1116.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347-\u003eCWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T16:56:29.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lf.lc/CVE-2016-7064.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pritunl-client-electron",
"version": {
"version_data": [
{
"version_value": "1.0.1116.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347-\u003eCWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lf.lc/CVE-2016-7064.txt",
"refsource": "MISC",
"url": "https://lf.lc/CVE-2016-7064.txt"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7064",
"datePublished": "2020-07-21T16:56:29.000Z",
"dateReserved": "2016-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:46.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7063 (GCVE-0-2016-7063)
Vulnerability from nvd – Published: 2020-07-21 16:52 – Updated: 2024-08-06 01:50
VLAI
Summary
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation.
Severity
No CVSS data available.
CWE
- CWE-22 - >CWE-73
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
| https://lf.lc/CVE-2016-7063.txt | x_refsource_MISC |
| https://github.com/pritunl/pritunl-client-electro… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | pritunl-client-electron |
Affected:
1.0.1116.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lf.lc/CVE-2016-7063.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pritunl-client-electron",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.1116.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22-\u003eCWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T16:58:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lf.lc/CVE-2016-7063.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pritunl-client-electron",
"version": {
"version_data": [
{
"version_value": "1.0.1116.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22-\u003eCWE-73"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6,",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6,"
},
{
"name": "https://lf.lc/CVE-2016-7063.txt",
"refsource": "MISC",
"url": "https://lf.lc/CVE-2016-7063.txt"
},
{
"name": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6",
"refsource": "MISC",
"url": "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7063",
"datePublished": "2020-07-21T16:52:17.000Z",
"dateReserved": "2016-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:47.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}