CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:C/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
Vendor | Product | Version | CPE |
---|---|---|---|
gentoo | app-crypt_pinentry | 0.7.2 | cpe:2.3:a:gentoo:app-crypt_pinentry:0.7.2:*:*:*:*:*:*:* |
gentoo | app-crypt_pinentry | 0.7.2 | cpe:2.3:a:gentoo:app-crypt_pinentry:0.7.2:r1:*:*:*:*:*:* |
gentoo | linux | * | cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:* |