Описание
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| guix | not-affected | package |
Примечания
https://issues.guix.gnu.org/issue/37744
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=81c580c8664bfeeb767e2c47ea343004e88223c7 (v1.1.0rc1)
EPSS
Процентиль: 29%
0.00105
Низкий
Связанные уязвимости
CVSS3: 7.8
nvd
больше 6 лет назад
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
CVSS3: 7.8
github
больше 3 лет назад
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
EPSS
Процентиль: 29%
0.00105
Низкий