
2193 matches found

OSV
added 2022/06/24 5:15 p.m. · 2 views

CVE-2021-20551

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149...

CVSS 3.3 · AI score 5.5 · EPSS 0.00042
Exploits 0 · References 2
OSV
added 2022/06/24 11:3 a.m. · 3 views

OESA-2022-1724 logrotate security update

The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation, compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or whe...

CVSS 6.5 · AI score 6.7 · EPSS 0.0011
Exploits 0 · References 2
Microsoft CVE
added 2022/06/08 7:0 a.m. · 1 views

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist it is created with world-readable permission allowing an unprivileged user to lock the state file stopping any rotation. This flaw affects logrotate versions before 3.20.0.

...

CVSS 6.5 · AI score 6.5 · EPSS 0.0011
Exploits 0
Veracode
added 2022/06/06 12:17 p.m. · 46 views

Privilege Escalation

logrotate is vulnerable to privilege escalation. The vulnerability exists due to a lack of verification of the permission of a state file, which creates a world-readable permission file when it doesn't exist, allowing an attacker to lock the state file and prevent any rotation...

CVSS 6.5 · AI score 6.1 · EPSS 0.0011
Exploits 0 · References 9 · Affected Software 1
Tenable Nessus
added 2022/05/27 12:0 a.m. · 34 views

Ubuntu 22.04 LTS : logrotate vulnerability (USN-5447-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5447-1 advisory. It was discovered that logrotate incorrectly handled the state file. A local attacker could possibly use this issue to keep a lock on the state file and cause...

CVSS 6.5 · AI score 6.5 · EPSS 0.0011
Exploits 0 · References 2
OSV
added 2022/05/25 4:15 p.m. · 1 views

DEBIAN-CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · AI score 6.2 · EPSS 0.0011
Exploits 0 · References 1
NVD
added 2022/05/25 4:15 p.m. · 14 views

CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · EPSS 0.0011
Exploits 0 · References 6
OSV
added 2022/05/25 4:15 p.m. · 1 views

ALPINE-CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · AI score 6.7 · EPSS 0.0011
Exploits 0 · References 1
OSV
added 2022/05/25 4:15 p.m. · 1 views

AZL-9845 CVE-2022-1348 affecting package logrotate for versions less than 3.20.1-1

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · AI score 6.5 · EPSS 0.0011
Exploits 0 · References 1
Vulnrichment
added 2022/05/25 3:13 p.m. · 1 views

CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

AI score 6.4 · EPSS 0.0011
Exploits 0 · References 6
Debian CVE
added 2022/05/25 3:13 p.m. · 60 views

CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · AI score 6.3 · EPSS 0.0011
Exploits 0
AlpineLinux
added 2022/05/25 3:13 p.m. · 22 views

CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · AI score 6.5 · EPSS 0.0011
Exploits 0
RedhatCVE
added 2022/05/25 1:19 p.m. · 17 views

CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · AI score 3.1 · EPSS 0.0011
Exploits 0 · References 3
Positive Technologies
added 2022/05/25 12:0 a.m. · 1 views

PT-2022-13818 · Logrotate +7

Name of the Vulnerable Software and Affected Versions: logrotate versions prior to 3.20.0
Description: A flaw was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock...

CVSS 6.9 · AI score 6.6 · EPSS 0.0011
Exploits 1 · References 56
OSV
added 2022/05/25 12:0 a.m. · 0 views

UBUNTU-CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · AI score 5.8 · EPSS 0.0011
Exploits 0 · References 5
UbuntuCve
added 2022/05/25 12:0 a.m. · 18 views

CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

CVSS 6.5 · AI score 6.5 · EPSS 0.0011
Exploits 0 · References 4
Github Security Blog
added 2022/05/17 7:57 p.m. · 21 views

Ansible Sensitive Files Are Locally Readable

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file...

CVSS 5.5 · AI score 6.2 · EPSS 0.00054
Exploits 0 · References 6 · Affected Software 1
Github Security Blog
added 2022/05/17 4:44 a.m. · 34 views

Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file...

CVSS 1.9 · AI score 5.8 · EPSS 0.00099
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/05/17 4:44 a.m. · 12 views

GHSA-HXVP-655X-XXQV Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file...

CVSS 1.9 · AI score 8.1 · EPSS 0.00099
Exploits 0 · References 4
OSV
added 2022/05/17 4:20 a.m. · 6 views

GHSA-JPMF-8CJ2-595G Improper Link Resolution Before File Access in Apache Hadoop

The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during...

CVSS 5 · AI score 7.2 · EPSS 0.01616
Exploits 0 · References 2