Description
Duplicate Advisory: users may append root to group listings
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references.
Original Description
A flaw was found in the users crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-5791
- https://github.com/ogham/rust-users/issues/44
- https://access.redhat.com/errata/RHSA-2025:12359
- https://access.redhat.com/security/cve/CVE-2025-5791
- https://bugzilla.redhat.com/show_bug.cgi?id=2370001
- https://crates.io/crates/users
- https://rustsec.org/advisories/RUSTSEC-2025-0040.html
Packages
Name: users (rust)
Affected versions: >= 0.8.0, <= 0.11.0
Fixed version: None
CVSS3: 7.1 High
Weaknesses: CWE-266