edneville

3 exploits Active since May 2021
CVE-2021-31153 WRITEUP LOW WORKING POC
please <0.4 - Info Disclosure
please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.
CVSS 3.3
CVE-2021-31154 WRITEUP HIGH WORKING POC
pleaseedit <0.4 - Privilege Escalation
pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.
CVSS 7.8
CVE-2021-31155 WRITEUP HIGH WORKING POC
please <0.4 - Privilege Escalation
Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.
CVSS 7.8