CVE-2022-37706
Severity: HIGH (CVSS 7.8)
WAF coverage: Low
Published: 2022-12-25
CWE-269
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| enlightenment | enlightenment | up to 0.25.4 |
References
- git.enlightenment.org (Patch, Third Party Advisory)
- git.enlightenment.org (Patch, Third Party Advisory)
- github.com (Exploit, Third Party Advisory)