Skolelinux Debian-Edu-Config vulnerabilities
2 known vulnerabilities affecting skolelinux/debian-edu-config.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2021-20001CRITICALCVSS 9.8fixed in 2.12.162022-02-11
CVE-2021-20001 [CRITICAL] CWE-276 CVE-2021-20001: It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blen
It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
nvdosv
CVE-2019-3467HIGHCVSS 7.8fixed in 2.11.102019-12-23
CVE-2019-3467 [HIGH] CWE-732 CVE-2019-3467: Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debi
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
nvdosv