Privilege escalation vulnerability if sccache server is run as root

Impact

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.

If the server is run as root (which is the default when installing the snap package), this means a user running the sccache client can get root privileges.

Patches

Upgrade to 0.4.0

Workarounds

Don't run sccache server as root.

GitHub Security Lab number

GHSL-2023-046

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Privilege escalation vulnerability if sccache server is run as root

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

GitHub Security Lab number

Severity

CVE ID

Weaknesses

Credits