Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-13293.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-13293
Upstream
Published
2023-02-02T21:22:38Z
Modified
2026-04-01T05:07:37.428840Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
CVE-2022-3560 affecting package pesign 0.112-32
Details

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

References

Affected packages

Azure Linux:2 / pesign

Package

Name
pesign
Purl
pkg:rpm/azure-linux/pesign

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.112-32

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-13293.json"