Himmelblau
Monthly
Local privilege escalation in Himmelblau prior to versions 3.1.0 and 2.3.8 allows authenticated local users to exploit insecure Kerberos cache file handling in the root-running himmelblaud-tasks daemon through symlink attacks. The vulnerability stems from the removal of PrivateTmp protections, exposing /tmp operations to symlink-based file overwrite and ownership manipulation attacks. An attacker with local access can leverage this flaw to achieve arbitrary file modification and full system compromise.
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.
Local privilege escalation in Himmelblau prior to versions 3.1.0 and 2.3.8 allows authenticated local users to exploit insecure Kerberos cache file handling in the root-running himmelblaud-tasks daemon through symlink attacks. The vulnerability stems from the removal of PrivateTmp protections, exposing /tmp operations to symlink-based file overwrite and ownership manipulation attacks. An attacker with local access can leverage this flaw to achieve arbitrary file modification and full system compromise.
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.