CVE-2019-20384

CWE-362Race ConditionCWE-2813 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 74.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gentoo Portage
Timeline
PublishedJan 21
Latest updateMay 24

Description

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDgentoo/portage2.3.84

🔴Vulnerability Details

2
GHSA
GHSA-fj76-6r22-qfgv: Gentoo Portage through 22022-05-24
CVEList
CVE-2019-20384: Gentoo Portage through 22020-01-20
CVE-2019-20384 (MEDIUM CVSS 5.5) | Gentoo Portage through 2.3.84 allow | cvebase.io