Lucene search

[email protected]CVE-2020-36657

HistoryJan 26, 2023 - 9:15 p.m.

CVE-2020-36657

2023-01-2621:15:21

[email protected]

web.nvd.nist.gov

cve-2020-36657

uptimed

gentoo

security vulnerability

privilege escalation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.

Affected configurations

NVD

Node

uptimed_projectuptimedRange<0.4.6gentoo

CPENameOperatorVersion
uptimed_project:uptimeduptimed project uptimedlt0.4.6

CPE	Name	Operator	Version
uptimed_project:uptimed	uptimed project uptimed	lt	0.4.6

References

bugs.gentoo.org/630810

security.gentoo.org/glsa/202305-14

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-36657

debiancve1 gentoo1 prion1 ubuntucve1 osv1 nvd1 cvelist1 nessus1