CVE-2018-14650

Опубликовано: 27 сент. 2018

Источник: nvd

CVSS3: 5.9

CVSS3: 5

CVSS2: 1.9

EPSS Низкий

Описание

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.

Ссылки

https://access.redhat.com/errata/RHSA-2018:3663
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650
Issue Tracking
Third Party Advisory
https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed
Exploit
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3663
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650
Issue Tracking
Third Party Advisory
https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sos-collector_project:sos-collector:1.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*

EPSS

Процентиль: 13%

0.00044

Низкий

5.9 Medium

CVSS3

5 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-732

CWE-276

Связанные уязвимости

CVE-2018-14650

CVSS3: 5.9

ubuntu

около 7 лет назад

CVE-2018-14650

CVSS3: 5.9

redhat

около 7 лет назад

GHSA-4pjf-x44m-95hq

CVSS3: 5

github

больше 3 лет назад

ELSA-2018-3663

oracle-oval

почти 7 лет назад

ELSA-2018-3663: sos-collector security update (MODERATE)

EPSS

Процентиль: 13%

0.00044

Низкий

5.9 Medium

CVSS3

5 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-732

CWE-276