CVE-2021-20001

Published: Feb 11, 2022

Modified: Sep 16, 2024

PUBLISHED

Description

It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

Vendor	Product	Versions
Debian	debian-edu-config	affected `< 2.12.16`

References

https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5

x_refsource_MISC

[debian-lts-announce] 20220211 [SECURITY] [DLA 2918-1] debian-edu-config security update

mailing-list

x_refsource_MLIST

[debian-security-announce] 20220211 [SECURITY] [DSA 5072-1] debian-edu-config security update

mailing-list

x_refsource_MLIST

DSA-5072

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-20001

Description

Affected Products

References