3.3
CVE-2025-20233
- EPSS 0.06%
- Veröffentlicht 26.03.2025 22:06:39
- Zuletzt bearbeitet 01.08.2025 18:03:30
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Incorrect permissions set by the “chmod“ and “makedirs“ Python functions in Splunk App for Lookup File Editing
In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Splunk ≫ Splunk App For Lookup File Editing Version >= 4.0.0 < 4.0.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.179 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| psirt@cisco.com | 2.5 | 1 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.