Gentoo: >> Portage >> 2.3.85 Security Vulnerabilities
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-01-12
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
CVSS Score
7.1
EPSS Score
0.0
Published
2017-06-27