Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2020-10174
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.9/10
- Exploit Score
- 3.4/10
- Access Vector
- Local
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 10/10
- Confidentiality Impact
- Complete
- Availability Impact
- Complete
- Integrity Impact
- Complete
CVSSv3.1 Score
- Severity
- High
- Base Score
- 7/10
- Exploit Score
- 1/10
- Access Vector
- Local
- Access Complexity
- High
- Privileges Required
- Low
- Impact Score
- 5.9/10
- Confidentiality Impact
- High
- Availability Impact
- High
- Integrity Impact
- High
- Scope
- Unchanged
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:timeshift_project:timeshift:*:*:*:*:*:*:*:* |
Yes
|
- | 20.03 | |
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- https://github.com/teejee2008/timeshift/releases/tag/v20.03
- https://bugzilla.suse.com/show_bug.cgi?id=1165802
- https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462
- http://www.openwall.com/lists/oss-security/2020/03/06/3
- https://usn.ubuntu.com/4312-1/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org