A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| below(crates.io) | 0 | 0.9.0 | N/A |
CVSS Metrics
