Base Score

MEDIUM6

CVE-2022-48682

In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.

VectorLOCAL

Published Bycve@mitre.org

Published DateApr 26, 2024, 01:15

Weakness Type (CWE):CWE-367

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://bugzilla.suse.com/show_bug.cgi?id=1200381
https://github.com/adrianlopezroche/fdupes/blob/4b6bcde1b3eb1cebe87cd30814f7d6cf4ee46e95/fdupes.c
https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f
https://github.com/adrianlopezroche/fdupes/compare/v2.1.2...v2.2.0

Base Score

MEDIUM6

Weakness Type (CWE):CWE-367

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

HIGH