CVE-2024-52867

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-276
View all →

Vulnerability Description

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.

Related Vulnerabilities

CVE-2017-3209

HIGH
CVSS:8.1(High)

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP...

CWE-2762017

CVE-2019-9579

HIGH
CVSS:8.1(High)

An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can chang...

CWE-2762019

CVE-2019-9682

HIGH
CVSS:8.1(High)

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak securit...

CWE-2762019

CVE-2020-5196

HIGH
CVSS:8.1(High)

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permiss...

CWE-2762020

CVE-2020-5906

HIGH
CVSS:8.1(High)

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin use...

CWE-2762020