tss 0
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
Exploitability
AV:L
AC:L
Au:N
Impact
C:P
I:N
A:N
2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N