Описание
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.8.9 (включая)
Одно из
cpe:2.3:a:gnu:gnash:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnash:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnash:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnash:0.8.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnash:0.8.9:rc4:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00442
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
больше 13 лет назад
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
debian
больше 13 лет назад
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions ( ...
github
больше 3 лет назад
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
EPSS
Процентиль: 63%
0.00442
Низкий
5 Medium
CVSS2
Дефекты
CWE-264