PublicDateAtUSN: 2021-05-05 00:00:00 UTC
Candidate: CVE-2021-31154
PublicDate: 2021-05-27 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31154
 https://ubuntu.com/security/notices/USN-4955-1
Description:
 pleaseedit in please before 0.4 uses predictable temporary filenames in
 /tmp and the target directory. This allows a local attacker to gain full
 root privileges by staging a symlink attack.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/rust-pleaser/+bug/1928381
Priority: medium
Discovered-by: Matthias Gerstner
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_rust-pleaser:
upstream_rust-pleaser: released (0.4.1-1)
precise/esm_rust-pleaser: DNE
trusty_rust-pleaser: ignored (out of standard support)
trusty/esm_rust-pleaser: DNE
xenial_rust-pleaser: ignored (out of standard support)
bionic_rust-pleaser: DNE
focal_rust-pleaser: DNE
groovy_rust-pleaser: DNE
hirsute_rust-pleaser: released (0.4.1-1~21.04.2)
impish_rust-pleaser: not-affected (0.4.1-1)
jammy_rust-pleaser: not-affected (0.4.1-1)
devel_rust-pleaser: not-affected (0.4.1-1)