CVE-2024-50616

Vulnerability

Analysis

CVE-2024-50616 is a privilege escalation and information disclosure vulnerability affecting Ironman PowerShell Universal versions 5.0.0 through 5.0.11. The root cause is an unspecified authorization flaw that allows an authenticated attacker to gain elevated privileges and access sensitive job information [1].

Exploitation

To exploit this vulnerability, the attacker must already be authenticated to the PowerShell Universal instance. No other preconditions are mentioned in available sources. The attack vector is network-based (AV:N) with low complexity and high privileges required, according to the CVSS vector for a related but not identical score [1].

Impact

Successful exploitation enables an attacker to elevate their privileges beyond their intended role and view job information, which could include sensitive data or operational details [1]. The CVSS v3 base score of 8.8 (High) indicates a serious risk to confidentiality, integrity, and availability. Per the advisory, the vulnerability is listed under "Privilege escalation and information disclosure."

Mitigation

The vendor has addressed this vulnerability in version 5.0.12. Users are strongly advised to upgrade to this patched version or later [1]. No workarounds have been published as of October 2024.