Insecure Permissions in debian-edu-config Lead to Privilege Escalation

Insecure Permissions in debian-edu-config Lead to Privilege Escalation

CVE-2021-20001 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

Learn more about our Cis Benchmark Audit For Debian Linux.