A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.
Debian
Privilege Escalation
Grub
NVD
CVSS 2.0
2.1
EPSS
0.2%