CVE-2021-31154

High

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain…

mitre·CWE-668·Published 2021-05-27

CVSS

7.8

EPSS

0.00

KEV

Exploits

cve.orgen

189 chars

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.

NVDen

189 chars

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.

pleaseedit in pleaser before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.

GHSAen

192 chars

pleaseedit in pleaser before 0.4.0 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.

NVDes

248 chars

pleaseedit in please versiones anteriores a 0.4, utiliza nombres de archivo temporales predecibles en /tmp y el directorio de destino. Esto permite a un atacante local alcanzar privilegios de root completos al poner en escena un ataque symlink

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.2	3.9	10.0	AV:L/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H