CVE-2010-2022

high

Description

jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.

References

http://www.vupen.com/english/advisories/2010/1247

http://www.securityfocus.com/bid/40399

http://securitytracker.com/id?1024038

http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc

Details

Source: Mitre, NVD

Published: 2010-05-28

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00142