Опубликовано: 09 янв. 2024
Источник: github
Github: Прошло ревью
CVSS4: 6.8
CVSS3: 5.5
Описание
Apprite CLI makes Use of Hard-coded Credentials
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.
Пакеты
Наименование
appwrite-cli
npm
Затронутые версииВерсия исправления
< 3.0.0
3.0.0
Наименование
appwrite
pip
Затронутые версииВерсия исправления
< 3.0.0
3.0.0
Связанные уязвимости
CVSS3: 5.5
nvd
около 2 лет назад
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.