CVE-2021-20106: Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. Nessus says this is a privilege escalation but it's worded more like a code execution issue? Anyway, fixed in 8.3.0, please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0f7ce8cac1fe980dca8e2bbfed758cbc6dd87a8 commit c0f7ce8cac1fe980dca8e2bbfed758cbc6dd87a8 Author: Marek Szuba <marecki@gentoo.org> AuthorDate: 2021-07-21 19:43:29 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2021-07-21 19:45:06 +0000 net-analyzer/nessus-agent-bin: add 8.3.0, drop 8.2.5 Bug: https://bugs.gentoo.org/803254 Signed-off-by: Marek Szuba <marecki@gentoo.org> net-analyzer/nessus-agent-bin/Manifest | 2 +- .../{nessus-agent-bin-8.2.5.ebuild => nessus-agent-bin-8.3.0.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
(In reply to John Helmert III from comment #0) > CVE-2021-20106: > Nessus says this is a privilege escalation but it's worded more like a code > execution issue? Doesn't matter since we won't GLSA anyway. Thanks Marecki! All done.
