Storebackup - Storebackup CVE

Filtered by vendor Storebackup Subscribe

Filtered by product Storebackup

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-7040	3 Debian, Opensuse, Storebackup	4 Debian Linux, Backports Sle, Leap and 1 more	2020-09-17	9.3 HIGH	8.1 HIGH
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)

Vulnerabilities (CVE)