Vulnerabilities > CVE-2021-31154 - Exposure of Resource to Wrong Sphere vulnerability in Pleaseedit Project Pleaseedit

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

pleaseedit-project

CWE-668

NVD

Published: 2021-05-27

Updated: 2022-07-12

Summary

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.

Vulnerable Configurations

Part	Description	Count
Application	Pleaseedit_Project Pleaseedit Project Pleaseedit *	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://gitlab.com/edneville/please/-/tree/master/src/bin
https://www.openwall.com/lists/oss-security/2021/05/18/1