Описание
users may append root to group listings
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups.
This affects both:
- The supplementary groups of a user
- The group access list of the current process
If the caller uses this information for access control, this may lead to privilege escalation.
This crate is not currently maintained, so a patched version is not available.
Versions older than 0.8.0 do not contain the affected functions, so downgrading to them is a workaround.
Recommended alternatives
Пакеты
users
>= 0.8.0, <= 0.11.0
Отсутствует
Связанные уязвимости
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.