CVE-2021-27851 – Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed'
https://notcve.org/view.php?id=CVE-2021-27851
A security vulnerability that can lead to local privilege escalation has been found in 'guix-daemon'. It affects multi-user setups in which 'guix-daemon' runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user.
• https://bugs.gnu.org/47229
• https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2019-18192
https://notcve.org/view.php?id=CVE-2019-18192
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
• http://www.openwall.com/lists/oss-security/2019/10/17/3
• https://issues.guix.gnu.org/issue/37744
• CWE-732: Incorrect Permission Assignment for Critical Resource