CVE-2023-1521

Опубликовано: 26 нояб. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.

If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.

Ссылки

https://github.com/advisories/GHSA-x7fr-pg8f-93f5
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2023-046_ScCache
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mozilla:sccache:*:*:*:*:*:rust:*:*

Версия до 0.4.0 (исключая)

EPSS

Процентиль: 47%

0.00237

Низкий

7.8 High

CVSS3

Дефекты

CWE-426

Связанные уязвимости

CVE-2023-1521

CVSS3: 7.8

ubuntu

около 1 года назад

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.

CVE-2023-1521

CVSS3: 7.8

debian

около 1 года назад

On Linux the sccache client can execute arbitrary code with the privil ...

GHSA-x7fr-pg8f-93f5

CVSS3: 8.4

github

больше 2 лет назад

sccache vulnerable to privilege escalation if server is run as root

SUSE-SU-2023:2637-1

suse-cvrf

больше 2 лет назад

Security update for sccache

SUSE-SU-2023:3526-1

suse-cvrf

больше 2 лет назад

Security update for sccache

EPSS

Процентиль: 47%

0.00237

Низкий

7.8 High

CVSS3

Дефекты

CWE-426