CVE-2018-14650
Description
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.
Risk Information
Base Score
5.0
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.044
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Sos-collector security update (CESA-2018:3663) sos-collector-1.5-3.el7_6.noarch.rpm | Linux |
| (RHSA-2018:3663) sos-collector security update sos-collector-1.5-3.el7_6.noarch.rpm | Linux |
| Sos-collector update (ELSA-2018-3663) sos-collector-1.5-3.0.1.el7_6.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234