Local Privilege Escalation in Gentoo Python Package for Celery Flower
CVE-2017-14483

5.5MEDIUM

Key Information:

Vendor: Gentoo
Status: Dev-python-flower
Vendor: CVE Published:; 15 September 2017

What is CVE-2017-14483?

The Gentoo dev-python/flower package prior to version 0.9.1-r1 contains a vulnerability where the PID file ownership is set to a non-root account. This design flaw can enable local users with access to the non-root account to modify the PID file. Subsequently, they could exploit this vulnerability to terminate arbitrary processes by executing a command that accesses the PID file. This poses a security risk, allowing potential unauthorized actions within the system.

References

https://bugs.gentoo.org/631020

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2017
Vulnerability Reserved
Sep 15, 2017