CVE-2020-36770

Date: 2024-01-15 07:15:07
Source: mitre, web.nvd.nist.gov
Tags: cve-2020-36770, gentoo, slurm, security vulnerability, file ownership, nvd

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3
Confidence: High

EPSS: 0.001
Percentile: 40.0%

pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root’s ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.

Affected configurations

Source: Nvd
Node: gentoo ebuild_for_slurm, Range: 22.05.3
Vendor: gentoo
Product: ebuild_for_slurm
Version: *
CPE: cpe:2.3:a:gentoo:ebuild_for_slurm:*:*:*:*:*:*:*:*
