rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/pleaser/RUSTSEC-2021-0102.md
Sergey "Shnatsel" Davidoff a665da67eb Add GHSA alias to RUSTSEC-2021-0102
2021-09-10 15:58:05 +00:00

545 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2021-0102"
package = "pleaser"
date = "2021-05-27"
url = "https://nvd.nist.gov/vuln/detail/CVE-2021-31154"
categories = ["privilege-escalation"]
cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
aliases = ["CVE-2021-31154", "GHSA-pp74-39w2-v4w9"]
[versions]
patched = [">= 0.4"]

Permissions bypass in pleaser

pleaseedit in pleaser before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.