Directory traversal

2018-09-2720:29:00

PRIOn knowledge base

www.prio-n.com

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.

CPENameOperatorVersion
enterprise_linux_desktopeq7.0
enterprise_linux_servereq7.0
enterprise_linux_server_auseq7.6
enterprise_linux_server_euseq7.6
enterprise_linux_workstationeq7.0
sos-collectoreq1.4

Name	Operator	Version
enterprise_linux_desktop	eq	7.0
enterprise_linux_server	eq	7.0
enterprise_linux_server_aus	eq	7.6
enterprise_linux_server_eus	eq	7.6
enterprise_linux_workstation	eq	7.0
sos-collector	eq	1.4