CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-1521

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.4%

CVSS Severity

CVSS v3 Score 7.8

References

https://github.com/advisories/GHSA-x7fr-pg8f-93f5
https://securitylab.github.com/advisories/GHSL-2023-046_ScCache

Products affected by CVE-2023-1521

Mozilla » Sccache » Version: Any

cpe:2.3:a:mozilla:sccache:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1521

Products

Pricing

Contact Us