Описание
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.11.12-2 |
| cosmic | not-affected | 2.11.12-2 |
| devel | not-affected | 2.11.12-2 |
| disco | not-affected | 2.11.12-2 |
| eoan | not-affected | 2.11.12-2 |
| esm-apps/bionic | not-affected | 2.11.12-2 |
| esm-apps/focal | not-affected | 2.11.12-2 |
| esm-apps/jammy | not-affected | 2.11.12-2 |
| esm-apps/noble | not-affected | 2.11.12-2 |
Показывать по
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...
High severity vulnerability that affects org.scala-lang:scala-compiler
EPSS
7.2 High
CVSS2
7.8 High
CVSS3