vulnerability

Debian: CVE-2022-3560: pesign -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

Feb 2, 2023

Added

May 15, 2025

Modified

Mar 30, 2026

Description

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

Solution

no-fix-debian-deb-package

References

CVE-2022-3560
https://attackerkb.com/topics/CVE-2022-3560
CWE-22
EUVD-EUVD-2022-42926
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-42926

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report