Vulnerability Details CVE-2018-18654
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Products affected by CVE-2018-18654
-
cpe:2.3:a:debian:crossroads:2.81