Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-32207

Опубликовано: 07 июл. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

released

7.84.0-1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
impish

released

7.74.0-1.3ubuntu2.3
jammy

released

7.81.0-1ubuntu1.3
kinetic

released

7.84.0-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 35%
0.00144
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-32207

CVSS3: 9.8
redhat
около 3 лет назад

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

nvd логотип

CVE-2022-32207

CVSS3: 9.8
nvd
около 3 лет назад

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

msrc логотип

CVE-2022-32207

CVSS3: 9.8
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-32207

CVSS3: 9.8
debian
около 3 лет назад

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files ...

github логотип

GHSA-mvxp-vg38-gq5c

CVSS3: 9.8
github
около 3 лет назад

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

EPSS

Процентиль: 35%
0.00144
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3