MiracleLinux 8 : rust-toolset:rhel8 (AXSA:2023-6349:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6349:01 advisory. rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 Tenable has extracted the preceding description block directly from...

rust-cargo: cargo does not respect the umask when extracting dependencies

A flaw was found in the rust-cargo package. Cargo, as bundled with the Rust compiler, did not respect the umask when extracting dependency tarballs and caching the extraction for future builds. If a dependency contained files with 0777 permissions, another local user could edit the cache of the...