Lucene search
K

8 matches found

OSV
OSV
added 2023/05/11 8:47 p.m.18 views

GHSA-WC64-C5RV-32PF in-toto vulnerable to Configuration Read From Local Directory

Impact The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification 1. Among the files read is .intotorc which is a hidden file in the directory in which in-tot...

5.5CVSS5.5AI score0.00241EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/05/11 8:47 p.m.24 views

in-toto vulnerable to Configuration Read From Local Directory

Impact The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification 1. Among the files read is .intotorc which is a hidden file in the directory in which in-tot...

5.5CVSS6.5AI score0.00241EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2023/05/10 6:15 p.m.33 views

CVE-2023-32076

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5CVSS5.7AI score0.00241EPSS
Exploits0References4
CVE
CVE
added 2023/05/10 5:58 p.m.71 views

CVE-2023-32076

Summary of CVE-2023-32076 (in-toto) : The vulnerability affects in-toto up to version 1.4.0, where the framework reads configuration from XDG directories and includes the hidden file .in_totorc. If an attacker controls inputs to a supply chain step, they can inject a crafted .in_totorc with exclu...

5.5CVSS5.6AI score0.00241EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/05/10 5:58 p.m.23 views

CVE-2023-32076 in-toto vulnerable to Configuration Read From Local Directory

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5CVSS5.8AI score0.00241EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2023/05/10 5:58 p.m.17 views

CVE-2023-32076

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5CVSS5.7AI score0.00241EPSS
Exploits0
PyPA
PyPA
added 2014/01/28 12:55 a.m.9 views

PYSEC-2014-95

Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...

3.3CVSS6.7AI score0.00315EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2014/01/28 12:55 a.m.5 views

UBUNTU-CVE-2014-1624

Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...

3.3CVSS5.9AI score0.00315EPSS
Exploits0References2
Rows per page
Query Builder