Back to search
CVE-2023-1521
Published: Nov 26, 2024
Modified: Nov 26, 2024
PUBLISHED
Description
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.
| Vendor | Product | Versions |
|---|---|---|
Mozilla | sccache | affected 0 - < 0.4.0 |
Weaknesses (CWE)
References
https://securitylab.github.com/advisories/GHSL-2023-046_ScCache
third-party-advisory
https://github.com/advisories/GHSA-x7fr-pg8f-93f5
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now