pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-27T12:10:39
Updated: 2024-08-03T22:48:14.354Z
Reserved: 2021-04-14T00:00:00
Link: CVE-2021-31154
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-27T13:15:08.140
Modified: 2024-11-21T06:05:11.570
Link: CVE-2021-31154
Redhat
No data.