seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
References
Configurations
History
08 Nov 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-668 |
04 Mar 2022, 13:49
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/kennylevinsen/seatd/tags - Third Party Advisory | |
References | (MISC) https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E - Third Party Advisory | |
References | (MISC) https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4 - Release Notes, Third Party Advisory | |
First Time |
Seatd Project seatd
Seatd Project |
|
CWE | CWE-269 | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 9.8 |
CPE | cpe:2.3:a:seatd_project:seatd:*:*:*:*:*:*:*:* |
24 Feb 2022, 16:02
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-24 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25643
Mitre link : CVE-2022-25643
CVE.ORG link : CVE-2022-25643
JSON object : View
Products Affected
seatd_project
- seatd
CWE
CWE-668
Exposure of Resource to Wrong Sphere