cvedb.io
CVE-2022-1348
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-05-25T16:15:08.150 · Last modified 2026-06-17T04:22:15.870

Summary

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.

Affected products

logrotate_project — logrotate

Does this affect you?

Add your gear to cvedb and we'll alert you only when logrotate_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.