What is GHSA-89g2-88gp-pqf4?

GHSA-89g2-88gp-pqf4 is a security advisory published by GitHub Security Advisories with High severity. Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows...

Which CVE IDs does GHSA-89g2-88gp-pqf4 cover?

GHSA-89g2-88gp-pqf4 covers the following CVE IDs: CVE-2020-37247. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-89g2-88gp-pqf4?

GHSA-89g2-88gp-pqf4 has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-89g2-88gp-pqf4HighCVSS 7.8

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows...

Vendor

GitHub Security Advisories

Published

May 16, 2026

Last Modified

May 16, 2026

🔗 CVE IDs covered (1)

CVE-2020-37247 →

📋 Description

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2020-37247
https://www.exploit-db.com/exploits/50975
https://www.kite.com
https://www.vulncheck.com/advisories/kite-u1-unquoted-service-path-privilege-escalation
https://github.com/advisories/GHSA-89g2-88gp-pqf4