CRITICAL🇵🇱 Wersja polska

CVE-2020-36770

CVSS 9.8v3.1pub. 2024-01-15upd. 2025-06-20

pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gentoo Ebuild For Slurm

    APP
    Gentoo
    ≤ 22.05.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-12084CRITICAL9.8PL ✓ten sam vendor

Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2

CVE-2016-20021CRITICAL9.8PL ✓ten sam vendor

Brak weryfikacji podpisu PGP w Gentoo Portage emerge-webrsync

CVE-2023-28424CRITICAL9.1ten sam vendor

Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Se...

CVE-2024-12085HIGH7.5ten sam vendor

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...

CVE-2023-26033HIGH7.5ten sam vendor

Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injecti...