HIGH🇵🇱 Wersja polska

CVE-2017-14730

CVSS 7.8v3.0pub. 2017-09-25upd. 2026-05-13

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Elasticsearch Logstash

    APP
    Elasticsearch
    5.0.05.0.15.0.25.1.15.1.25.2.05.2.15.3.05.3.15.3.25.4.15.4.25.4.35.5.05.5.1+ 2 więcej
  • Gentoo Linux

    OS
    Gentoo
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-12084CRITICAL9.8PL ✓ten sam produkt

Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2

CVE-2024-12085HIGH7.5ten sam produkt

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...

CVE-2022-23220HIGH7.8ten sam produkt

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as roo...

CVE-2017-18285HIGH7.1ten sam produkt

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, whi...

CVE-2017-18284HIGH7.1ten sam produkt

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp acco...