脆弱性情報
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Insights-client: unsafe handling of temporary files and directories
脆弱性説明
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
CVSS情報
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
脆弱性タイプ
在具有不安全权限的目录中创建临时文件
脆弱性タイトル
Red Hat Insights 安全漏洞
脆弱性説明
Red Hat Insights是Red Hat公司的一个数据收集和分析框架,专为可扩展性和快速开发而构建。 Red Hat Insights 存在安全漏洞,该漏洞源于存在本地权限提升漏洞。攻击者可利用该漏洞在系统上创建/var/tmp/insights-client目录,并将恶意脚本放入insights-client以root身份执行。
CVSS情報
N/A
脆弱性タイプ
N/A