cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Cronic
Debian Linux
Leap
Opensuse
NVD
CVSS 3.0
6.2
EPSS
0.1%