7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
tomcat packaging allows for escalation to root from tomcat user
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root.
References
Affected products
- <9.0.85-150200.57.1
- <9.0.85-3.1
Matching in nixpkgs
pkgs.tomcat9
Implementation of the Java Servlet and JavaServer Pages technologies
- nixos-unstable -
- nixpkgs-unstable 9.0.108
pkgs.tomcat10
Implementation of the Java Servlet and JavaServer Pages technologies
- nixos-unstable -
- nixpkgs-unstable 10.1.44
pkgs.tomcat11
Implementation of the Java Servlet and JavaServer Pages technologies
- nixos-unstable -
- nixpkgs-unstable 11.0.11
pkgs.tomcat-native
Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc
- nixos-unstable -
- nixpkgs-unstable 2.0.9
pkgs.tomcat_mysql_jdbc
None
- nixos-unstable -
- nixpkgs-unstable 9.4.0
pkgs.apachetomcatscanner
Tool to scan for Apache Tomcat server vulnerabilities
- nixos-unstable -
- nixpkgs-unstable 3.7.2
Package maintainers
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>
- @anthonyroussel Anthony Roussel <anthony@roussel.dev>
- @aanderse Aaron Andersen <aaron@fosslib.net>