Vulnerability Details CVE-2019-20384
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
Products affected by CVE-2019-20384
-
cpe:2.3:a:gentoo:portage:-
-
cpe:2.3:a:gentoo:portage:2.0.50
-
cpe:2.3:a:gentoo:portage:2.0.51.22
-
cpe:2.3:a:gentoo:portage:2.1.1
-
cpe:2.3:a:gentoo:portage:2.1.3.10
-
cpe:2.3:a:gentoo:portage:2.1.4.4
-
cpe:2.3:a:gentoo:portage:2.3.79
-
cpe:2.3:a:gentoo:portage:2.3.80
-
cpe:2.3:a:gentoo:portage:2.3.81
-
cpe:2.3:a:gentoo:portage:2.3.82
-
cpe:2.3:a:gentoo:portage:2.3.83
-
cpe:2.3:a:gentoo:portage:2.3.84