Skip to main content
Skip table of contents

ISN 2024-12: Vulnerability in Starter License Verification

First published 15 May 2024

CVSS 3.1: 7.8 (high)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in the Starter License verification mechanism in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11

Details

An issue in the code verifying the validity of the Starter License can enable a local attacker to execute arbitrary commands as a non-privileged user. This vulnerability is rated as high.

IGEL would like to thank Zack Didcott for coordinated disclosure.

Update Instructions

  • OS 12: Update to version 12.4.0 of the IGEL OS 12 base system.
  • OS 11: Update to IGEL OS version 11.10.100.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.