CVE-2022-25643

Critical

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a…

mitre·CWE-668·Published 2022-02-22

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

170 chars

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.

NVDen

170 chars

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.

seatd-launch en seatd versiones 0.6.x anteriores a 0.6.4, permite eliminar archivos con privilegios escalados cuando es instalado setuid root. El vector de ataque es un nombre de ruta de socket suministrado por el usuario

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.3	8.6	10.0	AV:N/AC:M/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H