7.8
CVE-2019-3844
- EPSS 0.16%
- Published 26.04.2019 21:29:00
- Last modified 21.11.2024 04:42:41
- Source secalert@redhat.com
It was discovered that a systemd service that uses the DynamicUser property can gain new privileges through the execution of SUID binaries, which would allow it to create binaries owned by the service's transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID is recycled.
Data is provided by the National Vulnerability Database (NVD)
Systemd Project ≫ Systemd Version < 242
Canonical ≫ Ubuntu Linux Version 16.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 18.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 19.10
Netapp ≫ Hci Management Node Version -
Netapp ≫ Snapprotect Version -
Netapp ≫ Cn1610 Firmware Version -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.16% | 0.377 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
secalert@redhat.com | 4.5 | 1 | 3.4 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
CWE-268 Privilege Chaining
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.