Insecure Defaults

2017-05-0305:26:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

sosreport is vulnerable to insecure defaults. The library creates temporary archive files with world-readable permissions, allowing a malicious user to extract these files and read their contents. This vulnerability exists due to a regression in the default behavior of sosreport.