Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0524

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.

Published

2023-02-01T03:15:08.427

Last Modified

2025-03-27T15:15:42.113

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tenable	nessus	-	Yes
Application	tenable	tenable.io	-	Yes
Application	tenable	tenable.sc	-	Yes

References

https://www.tenable.com/security/tns-2023-04 Vendor Advisory ([email protected])
https://www.tenable.com/security/tns-2023-04 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)