VYPR

groonga-httpd

by Debian

CVEs (1)

  • CVE-2019-11675May 2, 2019
    risk 0.00cvss epss 0.00

    The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from…