CVE-2022-25643

Опубликовано: 24 фев. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 9.3

CVSS3: 9.8

Описание

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.

Релиз	Статус	Примечание
devel	not-affected	0.7.0-5
esm-apps/jammy	needs-triage
esm-apps/noble	not-affected	0.7.0-5
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage
lunar	not-affected	0.7.0-5
mantic	not-affected	0.7.0-5
noble	not-affected	0.7.0-5
oracular	not-affected	0.7.0-5
plucky	not-affected	0.7.0-5

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%

0.01674

Низкий

9.3 Critical

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2022-25643

CVSS3: 9.8

nvd

почти 4 года назад

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.

CVE-2022-25643

CVSS3: 9.8

debian

почти 4 года назад

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with es ...

GHSA-m93q-8wxv-xgc5

CVSS3: 9.8

github

почти 4 года назад

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.

EPSS

Процентиль: 82%

0.01674

Низкий

9.3 Critical

CVSS2

9.8 Critical

CVSS3

CVE-2022-25643

Описание

Пакет seatd

Ссылки на источники

Связанные уязвимости