Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-13012

Опубликовано: 28 июн. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.

РелизСтатусПримечание
bionic

released

2.56.4-0ubuntu0.18.04.4
cosmic

released

2.58.1-2ubuntu0.2
devel

not-affected

2.60.4-1
disco

not-affected

2.60.4-0ubuntu0.19.04.1
esm-infra-legacy/trusty

not-affected

2.40.2-0ubuntu1.1+esm3
esm-infra/bionic

not-affected

2.56.4-0ubuntu0.18.04.4
esm-infra/xenial

not-affected

2.48.2-0ubuntu4.4
precise/esm

not-affected

2.32.4-0ubuntu1.4
trusty

ignored

end of standard support
trusty/esm

released

2.40.2-0ubuntu1.1+esm3

Показывать по

Ссылки на источники

EPSS

Процентиль: 76%
0.00995
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-13012

CVSS3: 4.4
redhat
почти 6 лет назад

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.

nvd логотип

CVE-2019-13012

CVSS3: 7.5
nvd
почти 6 лет назад

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.

msrc логотип

CVE-2019-13012

CVSS3: 7.5
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2019-13012

CVSS3: 7.5
debian
почти 6 лет назад

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 ...

suse-cvrf логотип

openSUSE-SU-2019:1749-1

suse-cvrf
почти 6 лет назад

Security update for glib2

EPSS

Процентиль: 76%
0.00995
Низкий

5 Medium

CVSS2

7.5 High

CVSS3