Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00071
Percentile: 0.22386

CVSS Scoring

Affected Products

• cpe:2.3:a:thibault_godouet:fcron:2.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:thibault_godouet:fcron:2.9.4:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

← Back to Home