3 min
Rapid7 Disclosure
CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)
Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. The root cause of this vulnerability is Minerva’s implementation of OpenSSL’s OPENSSLDIR parameter, which was set to a path accessible to low-privileged users.