CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-q94g-3gcf-66x7: Duplicate Advisory: uutils coreutils has an Incorrect Authorization issue

mediumCVSS 4.4
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-47c7-qrm7-mqw7. This link is maintained to preserve external references. Original Description The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely on the output of id to make security-critical access-control or permission decisions, this discrepancy can lead to unauthorized access or security misconfigurations.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
medium — CVSS 4.4
Published
2026-04-22
Last updated
2026-07-06
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-q94g-3gcf-66x7

More from GitHub Security Advisories