Описание
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:joseph_allen:joe:2.8:*:*:*:*:*:*:*
cpe:2.3:a:joseph_allen:joe:2.9:*:*:*:*:*:*:*
cpe:2.3:a:joseph_allen:joe:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:joseph_allen:joe:2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:joseph_allen:joe:2.9.4:*:*:*:*:*:*:*
cpe:2.3:a:joseph_allen:joe:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:joseph_allen:joe:2.9.6:*:*:*:*:*:*:*
cpe:2.3:a:joseph_allen:joe:2.9.7:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00144
Низкий
3.6 Low
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.
EPSS
Процентиль: 35%
0.00144
Низкий
3.6 Low
CVSS2
Дефекты
CWE-264