CVE-2023-1521 – Local Privilege Escalation in sccache

https://notcve.org/view.php?id=CVE-2023-1521

26 Nov 2024 — On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges. • https://github.com/advisories/GHSA-x7fr-pg8f-93f5 • CWE-426: Untrusted Search Path •