Debian · Debian-Edu-Config · CVE-2021-20001
**Name of the Vulnerable Software and Affected Versions**
debian-edu-config versions prior to 2.12.16
**Description**
It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured insecure permissions for the user web shares (~/public html), which could result in privilege escalation.
**Recommendations**
For versions prior to 2.12.16, update to version 2.12.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the user web shares (~/public html) until the update is applied.