When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.
References
Link | Resource |
---|---|
https://advisories.octopus.com/adv/2021-11---Local-privilege-escalation-in-Octopus-Tentacle-(CVE-2021-31822).2283732993.html | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2021-11-24 08:15
Updated : 2021-11-29 11:14
NVD link : CVE-2021-31822
Mitre link : CVE-2021-31822
JSON object : View
CWE
CWE-276
Incorrect Default Permissions
Products Affected
octopus
- tentacle
linux
- linux_kernel