CVSS3: 7.5 High

Metric | Value
---|---
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | NONE
Integrity Impact | HIGH
Availability Impact | NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 5 Medium

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | NONE
Integrity Impact | PARTIAL
Availability Impact | NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

glib uses improper permissions for directory and file restrictions. In the keyfile settings backend, directories are created with g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files are written with g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL), and both calls apply less restrictive permissions than the backend should use. As a result, some directories are created with 0777 permissions instead of 0700, and files are created with the default file permissions.
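
The effect described above can be reproduced with plain POSIX calls. The following is an added example, not GLib code and not the project's fix: it creates a settings directory and keyfile once with the permissive request (0777 for directories, 0666 for files, both filtered by the umask) and once with explicit 0700/0600, then reports the resulting permission bits. The helper names `mkdir_parents` and `write_settings`, the `app/keyfile` layout and the file contents are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits (rwx for user/group/other) of path, or -1 on error. */
static int perm_bits(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* mkdir -p: each missing component is requested with `mode`; umask still applies. */
static int mkdir_parents(const char *path, mode_t mode) {
    char buf[512];
    if (!*path || snprintf(buf, sizeof buf, "%s", path) >= (int)sizeof buf) return -1;
    for (char *p = buf + 1;; p++) {
        if (*p != '/' && *p != '\0') continue;
        char saved = *p;
        *p = '\0';
        if (mkdir(buf, mode) != 0 && errno != EEXIST) return -1;
        *p = saved;
        if (saved == '\0') return 0;
    }
}

/* Hypothetical helper: create <base>/<name>/app/keyfile and report resulting bits. */
static int write_settings(const char *base, const char *name, mode_t dmode,
                          mode_t fmode, int *dir_bits, int *file_bits) {
    char dir[512], file[528];
    if (snprintf(dir, sizeof dir, "%s/%s/app", base, name) >= (int)sizeof dir) return -1;
    snprintf(file, sizeof file, "%s/keyfile", dir);
    if (mkdir_parents(dir, dmode) != 0) return -1;
    int fd = open(file, O_WRONLY | O_CREAT | O_TRUNC, fmode);
    if (fd < 0) return -1;
    ssize_t w = write(fd, "[app]\nkey=1\n", 12); /* constructed sample keyfile */
    close(fd);
    *dir_bits = perm_bits(dir);
    *file_bits = perm_bits(file);
    return w == 12 ? 0 : -1;
}

int main(void) {
    int d, f;
    if (write_settings(".", "loose", 0777, 0666, &d, &f) == 0)
        printf("0777/0666 request: dir %04o file %04o\n", (unsigned)d, (unsigned)f);
    if (write_settings(".", "private", 0700, 0600, &d, &f) == 0)
        printf("0700/0600 request: dir %04o file %04o\n", (unsigned)d, (unsigned)f);
    return 0;
}
```

Under a umask of 022 the permissive request leaves the directory at 0755 and the file at 0644, so other local users can traverse and read them, while the explicit request yields 0700 and 0600.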

CPE

Name | Operator | Version
---|---|---
glib | le | 2.36.2.11
glib2 | eq | 2.56.4__1.el8
glib2 | eq | 2.56.4__7.el8
glib2 | eq | 2.56.4__8.el8

lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html
bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12
gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429
gitlab.gnome.org/GNOME/glib/issues/1658
gitlab.gnome.org/GNOME/glib/merge_requests/450
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
lists.debian.org/debian-lts-announce/2019/07/msg00029.html
lists.debian.org/debian-lts-announce/2019/08/msg00004.html
security.netapp.com/advisory/ntap-20190806-0003/
usn.ubuntu.com/4049-1/
usn.ubuntu.com/4049-2/