5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which βchown -Rβ will be run.
github.com/OpenRC/opentmpfiles/issues/3