Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-46277: start new process in a new PTY (!69) · Merge requests · ed neville / please · GitLab

please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)

CVE
Open in Source
#linux#git

Skip to content

GitLab

    • Why GitLab
    • Pricing
    • Contact Sales
    • Explore

  • Why GitLab

  • Pricing

  • Contact Sales

  • Explore

  • Sign in

  • Get free trial

  • ed neville

  • please

  • Merge requests

  • !69

start new process in a new PTY

  • Review changes

  • Download

  • Patches

  • Plain diff

Alexander Kjäll requested to merge alexanderkjall/please:fix-issue-13 into master Oct 07, 2023

  • Overview 18
  • Commits 2
  • Pipelines 2
  • Changes 3

in order to fix the security problem described in #13 start the new command in a new PTY and inherit STDIN/STDOUT/STDERR from the original one

Merge request reports

Related news

GHSA-cgf8-h3fp-h956: Pleaser privilege escalation vulnerability

please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE