ByteOS Network

CVE Vulnerability Details :

CVE-2018-14650

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-27 Sep, 2018 | 20:00

Updated At-05 Aug, 2024 | 09:38

▼CVE Numbering Authority (CNA)

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.

Affected Products

Vendor

[UNKNOWN]

Product

sos-collector

Versions

Affected

Problem Types

Type	CWE ID	Description
CWE	CWE-732	CWE-732

Metrics

Version	Base score	Base severity	Vector
3.0	5.9	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

References

Hyperlink	Resource
https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3663	vendor-advisory x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed	x_refsource_CONFIRM x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2018:3663	vendor-advisory x_refsource_REDHAT x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References