CVE-2011-1500

2011-04-1314:00:00

redhat

www.cve.org

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user’s home directory, which allows local users to obtain Pandora credentials by reading this file.

References

openwall.com/lists/oss-security/2011/04/08/2

openwall.com/lists/oss-security/2011/04/08/4

secunia.com/advisories/44059

www.securityfocus.com/bid/47300

bugs.launchpad.net/pithos/+bug/733307

exchange.xforce.ibmcloud.com/vulnerabilities/66661