CVE-2020-36770 Vulnerability Details

  /     /     /  

CVE-2020-36770 Metadata Quick Info

CVE Published: 15/01/2024 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: mitre | Vendor: n/a | Product: n/a
Status : PUBLISHED

---

CVE-2020-36770 Description

pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root\'s ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).