The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Sanlock
NVD
CVSS 2.0
3.6
EPSS
0.0%