CVE-2020-25507
CVE-2020-25507 affects TeamworkCloud 18.0–19.0. The installation script incorrectly assigns permissions, enabling a local unprivileged user to write to /etc/environment (0777) and to the twcloud user’s home at /home/twcloud, causing all users (including root) to execute arbitrary code on next log...