5.9

CVE-2018-14650

Exploit
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Desktop Version7.0 HwPlatformx64
RedhatEnterprise Linux Workstation Version7.0 HwPlatformx64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.341
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 1.3 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
secalert@redhat.com 5.9 1.5 4
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://access.redhat.com/errata/RHSA-2018:3663
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650
Third Party Advisory
Issue Tracking
https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed
Third Party Advisory
Exploit