Ludovic Courtès

**Name of the Vulnerable Software and Affected Versions** GNU Guix version 1.0.1 **Description** The issue allows local users to gain access to an arbitrary user's account. This is because the parent directory of the user-profile directories is world writable, which poses a security risk. **Recommendations** For GNU Guix version 1.0.1, consider changing the permissions of the parent directory of the user-profile directories to prevent it from being world writable as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.