A flaw allowing local privilege escalation from the default tomcat user/group to root was reported to SUSE. On affected packages /usr/share/tomcat/tomcat-webapps is owned by root but writable by the tomcat group, so a process running as the tomcat user (for example a compromised web application) or any local account in that group can place files there; the referenced bug shows how that write access can be turned into root privileges. The PoC and full explanation can be found in the SUSE bug referenced below.

Affected versions: < 9.0.85

References:
https://bugzilla.suse.com/show_bug.cgi?id=1219208
https://bz.apache.org/bugzilla/show_bug.cgi?id=68663
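The check an administrator would want for the permission pattern described above, as an added example that is not part of the SUSE or Apache reports: a small POSIX shell audit that lists root-owned directories under a Tomcat installation that the service group can write into, plus the remediation. The /usr/share/tomcat path and the tomcat group name are taken from the report; the OWNER parameter is an assumption added so the functions can be exercised without root.

```shell
# Added example (not from the SUSE/Apache bug reports): audit a Tomcat install
# for root-owned directories that the service group can write into, the
# pattern behind the report above. Defaults are the path and group named in
# the report; OWNER is parameterised so the check can be tested without root.

# Exit 0 if DIR exists, is owned by OWNER (default root) and has the group
# write bit set. find -perm -020 tests "group write bit set" in POSIX octal.
dir_is_owned_and_group_writable() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || return 1
    [ -n "$(find "$dir" -maxdepth 0 -user "$owner" -perm -020 2>/dev/null)" ]
}

# Print every directory under ROOT that is owned by OWNER, belongs to GROUP
# and is group-writable. Each hit is a place where a GROUP member (or code
# running as that user) can plant files that OWNER-privileged tooling may
# later trust. Succeeds with empty output when ROOT is absent or clean.
list_group_writable_dirs() {
    root=${1:-/usr/share/tomcat}
    group=${2:-tomcat}
    owner=${3:-root}
    [ -d "$root" ] || return 0
    find "$root" -type d -user "$owner" -group "$group" -perm -020 2>/dev/null
}

# Remediation: clear the group write bit. Only do this after confirming the
# service does not need to write there; if it does, move that writable data
# out of the root-owned tree instead of leaving the bit set.
drop_group_write() {
    chmod g-w "$1"
}

# Stand-alone usage: audit the default layout named in the report.
list_group_writable_dirs /usr/share/tomcat tomcat root
```

Run it as root on the affected host before and after updating the package; any line printed is a directory that still lets the tomcat group write into root-owned space.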
Created tomcat tracking bugs for this issue: Affects: fedora-all [bug 2271115]