From 1fc8191ad3cfd178db0437cf79a98dd7884a6cd1 Mon Sep 17 00:00:00 2001 From: DavidXanatos Date: Thu, 28 Nov 2024 22:01:11 +0100 Subject: [PATCH] Update SECURITY.md --- SECURITY.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index daba95d04b..40b56e7a72 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,6 +6,12 @@ Please report any found security vulnerability directly to me at xanatosdavid[at ## Fixed security issues +### SECURITY ISSUE ID-23 +Files storred inside a sandbox folder were accessible to all users on a system, +resulting in security issues in multi user scenarios see [CVE-2024-49360](https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp) + +fixed in: 1.15.0 / 5.70.0 + ### SECURITY ISSUE ID-23 (thanks Diversenok) A sandboxed process with administrative privileges could enable SeManageVolumePrivilege, this allowed it to read MFT data, in case of files smaller than 1 cluster that allowed to read the file payload
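Review bot: the added heading `### SECURITY ISSUE ID-23` reuses the identifier of the entry directly below it (`### SECURITY ISSUE ID-23 (thanks Diversenok)`), so two unrelated issues (world-readable sandbox folder contents and the SeManageVolumePrivilege MFT read) would share one ID. Give the new entry the next unused ID so each fix stays uniquely referenceable from changelogs and advisories. In the same added block, "storred" should be "stored", "multi user" should be "multi-user", and the sentence runs straight into the link: put a break before "see [CVE-2024-49360]", for example "...in multi-user scenarios; see ...".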