CVE-2020-28407 log

Source
Severity Medium
Remote No
Type Privilege escalation
Description
A potential symbolic link following issue has been found in swtpm before 0.5.1.
Group Package Affected Fixed Severity Status Ticket
AVG-1282 swtpm 0.5.0-2 0.5.1-1 Medium Fixed
Date Advisory Group Package Severity Type
19 Nov 2020 ASA-202011-21 AVG-1282 swtpm Medium privilege escalation
References
https://github.com/stefanberger/swtpm/commit/e9c9778d5c35ef077aed1ec6601b47ac478f8185
https://github.com/stefanberger/swtpm/commit/4cc42c0ba3632a98ef381bda68d0a4eaec4578db
https://github.com/stefanberger/swtpm/commit/634b6294000fb785b9f12e13b852c18a0888b01e
https://github.com/stefanberger/swtpm/commit/a03cbadd087b2602412823f254ac75a9a12d97e3
https://github.com/stefanberger/swtpm/commit/526300236dc8a7664acdc265b6fc5d767289ac39
https://github.com/stefanberger/swtpm/commit/e621b21d4c31029ebe794350fcff2bcd4b0f13a0