CVE-2019-12162

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.
References
Link Resource
https://vuldb.com/?id.138406 Third Party Advisory
https://support.upwork.com/hc/en-us/categories/360001180954 Product Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:upwork:time_tracker:5.2.2.716:*:*:*:*:*:*:*

Information

Published : 2019-07-23 03:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-12162

Mitre link : CVE-2019-12162

Products Affected
No products.
CWE
CWE-494

Download of Code Without Integrity Check