How severe is CVE-2019-15793?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2019-15793?

This is classified as CWE-538, which is a common weakness in software security.

CVE-2019-15793 - HIGH Severity | CVSS 8.8

Vulnerability Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.

Related Vulnerabilities

CVE-2024-22433

CRITICAL

CVSS:9.8(Critical)

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker co...

CWE-5382024

CVE-2021-40363

HIGH

CVSS:7.8(High)

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions <...

CWE-5382021

CVE-2022-4318

HIGH

CVSS:7.8(High)

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CWE-5382022

CVE-2016-10399

HIGH

CVSS:7.5(High)

Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted U...

CWE-5382016

CVE-2019-6851

HIGH

CVSS:7.5(High)

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of in...

CWE-5382019

CVE-2022-44623

HIGH

CVSS:7.5(High)

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings

CWE-5382022