Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-83gm-5269-qr3v

Опубликовано: 26 авг. 2022
Источник: github
Github: Не прошло ревью
CVSS3: 7.8

Описание

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

EPSS

Процентиль: 25%
0.00081
Низкий

7.8 High

CVSS3

Дефекты

CWE-59

Связанные уязвимости

CVSS3: 6.7
ubuntu
почти 3 года назад

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 6.5
redhat
около 4 лет назад

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 6.7
nvd
почти 3 года назад

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 6.7
debian
почти 3 года назад

A symbolic link issue was found in rpm. It occurs when rpm sets the de ...

CVSS3: 6.5
fstec
около 4 лет назад

Уязвимость менеджера RPM-пакетов RPM (RPM Package Manager) операционных систем Red Hat Enterprise Linux, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 25%
0.00081
Низкий

7.8 High

CVSS3

Дефекты

CWE-59