CVE-2020-13882

CVSS v3 Score: 4.2 (Medium)
CVSS v2 Score: 3.7 (Low)

Vulnerability Description

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine that checks the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file and control it up to the point where that routine performs its check. After that, the file can be removed, recreated, and used for additional attacks.

CVSS: 4.1 (Medium)

A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special p...

CVSS: 4.1 (Medium)

In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for ...

CVSS: 4.0 (Medium)

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server si...

CVSS: 4.7 (Medium)

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CVSS: 4.7 (Medium)

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

CVSS: 4.7 (Medium)

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.