Storebackup » Storebackup : Security Vulnerabilities, CVEs, CVSS score >= 6
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
Max CVSS
9.3
EPSS Score
0.54%
Published
2020-01-21
Updated
2023-01-27
1 vulnerabilities found