Your submission was sent successfully! Close

CVE-2021-31154

Published: 5 May 2021

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
rust-pleaser
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute
Released (0.4.1-1~21.04.2)
impish Not vulnerable
(0.4.1-1)
jammy Not vulnerable
(0.4.1-1)
precise Does not exist

trusty Does not exist

upstream
Released (0.4.1-1)
xenial Ignored
(out of standard support)