Insecure Permissions in debian-edu-config Lead to Privilege Escalation
CVE-2021-20001 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
Learn more about our Cis Benchmark Audit For Debian Linux.