Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as “authentication secrets.”
CPE | Name | Operator | Version |
---|---|---|---|
enterprise_linux | eq | 6.0 | |
luci | eq | 0.26.0 |