Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:45642
HistoryFeb 27, 2024 - 6:13 a.m.

Insecure File Permissions

2024-02-2706:13:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
rack-cors
vulnerability
file permissions
unauthorized disclosure
modification
software

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.5

Confidence

Low

rack-cors is vulnerable to Insecure File Permissions. The vulnerability is due to the distribution of files with world-writable permissions. This can potentially lead to unauthorized disclosure or modification.

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.5

Confidence

Low