CVE-2020-36770
CRITICAL 9.8
Description
pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 1/15/2024
Last Modified: 6/20/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
gentoo:ebuild_for_slurm
Weaknesses (CWE)
CWE-732
References
https://bugs.gentoo.org/631552 (cve@mitre.org)
https://bugs.gentoo.org/631552 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.