Описание
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
A flaw was found in the Tomcat package of OpenSUSE and derived distributions. This issue occurs due to incorrect permissions and a race condition in the %post section of the Tomcat RPM package, resulting in local privilege escalation when the Tomcat package is re-installed.
Отчет
This flaw is specific to OpenSUSE and derived distributions. Therefore, Red Hat products are not affected by this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | tomcat | Not affected | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Not affected | ||
| Red Hat Enterprise Linux 7 | tomcat | Not affected | ||
| Red Hat Enterprise Linux 8 | pki-deps:10.6/pki-servlet-engine | Not affected | ||
| Red Hat Enterprise Linux 8 | tomcat | Not affected | ||
| Red Hat Enterprise Linux 9 | pki-servlet-engine | Not affected | ||
| Red Hat Enterprise Linux 9 | tomcat | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
Insecure permissions in the packaging of tomcat allow local users that ...
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
EPSS
7 High
CVSS3