rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/pleaser/RUSTSEC-2021-0101.md
Sergey "Shnatsel" Davidoff 204c1ae2c6 add GHSA alias to RUSTSEC-2021-0101 (#1036)
2021-09-10 15:58:27 +00:00

514 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2021-0101"
package = "pleaser"
date = "2021-05-27"
url = "https://nvd.nist.gov/vuln/detail/CVE-2021-31155"
categories = ["privilege-escalation"]
cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
aliases = ["CVE-2021-31155", "GHSA-vc5p-j8vw-mc6x"]
[versions]
patched = [">= 0.4"]

Permissions bypass in pleaser

Failure to normalize the umask in pleaser before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.