Early Access — Mondoo Vulnerability Intelligence is currently in preview.
misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.
Exploitability
AV:LAC:LAu:NImpact
C:CI:CA:C7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C