edneville/please

edneville/please

Releases22

Frequency2 months 1 week

Last Release almost 2 years ago

Stars70

please, sudo like program with regex support written in rust

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-46277 ↗	Oct 20, 2023Friday, 20 October 2023, 05:15	7.8 HIGH	—
please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)
CVE-2021-31153 ↗	May 27, 2021Thursday, 27 May 2021, 13:15	3.3 LOW	2.1 LOW
please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.
CVE-2021-31154 ↗	May 27, 2021Thursday, 27 May 2021, 13:15	7.8 HIGH	7.2 HIGH
pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.
CVE-2021-31155 ↗	May 27, 2021Thursday, 27 May 2021, 13:15	7.8 HIGH	7.2 HIGH
Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.