Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user’s task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11799
Reference (s):
- https://blog.spookysec.net/zcron/