CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CVE-2024-3904 (GCVE-0-2024-3904)
Vulnerability from cvelistv5 – Published: 2024-07-04 09:11 – Updated: 2024-08-01 20:26
VLAI
Summary
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.
Severity
8.8 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
| https://jvn.jp/vu/JVNVU91215350/index.html | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | MELIPC Series MI5122-VW |
Affected:
Firmware versions "05" to "07"
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware:05:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "melipc_mi5122-vw_firmware",
"vendor": "mitsubishi",
"versions": [
{
"lessThanOrEqual": "07",
"status": "affected",
"version": "05",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:49:41.501811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T13:52:40.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU91215350/index.html"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELIPC Series MI5122-VW",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"05\" to \"07\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions \"05\" to \"07\" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product."
}
],
"value": "Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions \"05\" to \"07\" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T00:28:13.328Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU91215350/index.html"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-3904",
"datePublished": "2024-07-04T09:11:22.679Z",
"dateReserved": "2024-04-17T02:56:01.539Z",
"dateUpdated": "2024-08-01T20:26:57.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39347 (GCVE-0-2024-39347)
Vulnerability from cvelistv5 – Published: 2024-06-28 06:30 – Updated: 2024-08-02 04:26
VLAI
Summary
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
Severity
5.9 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.synology.com/en-global/security/advis… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | Synology Router Manager (SRM) |
Affected:
1.3 , < 1.3.1-9346-8
(semver)
Affected: 1.2 , < 1.2.5-8227-11 (semver) Unknown: 0 , < 1.2 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T14:49:31.346987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:39:01.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:14.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Synology-SA-23:16 SRM (PWN2OWN 2023)",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Synology Router Manager (SRM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.3.1-9346-8",
"status": "affected",
"version": "1.3",
"versionType": "semver"
},
{
"lessThan": "1.2.5-8227-11",
"status": "affected",
"version": "1.2",
"versionType": "semver"
},
{
"lessThan": "1.2",
"status": "unknown",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tri and Bien Pham (@bienpnn) from Team Orca of Sea Security working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T06:30:10.727Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"name": "Synology-SA-23:16 SRM (PWN2OWN 2023)",
"tags": [
"vendor-advisory"
],
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2024-39347",
"datePublished": "2024-06-28T06:30:10.727Z",
"dateReserved": "2024-06-24T10:57:17.890Z",
"dateUpdated": "2024-08-02T04:26:14.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39544 (GCVE-0-2024-39544)
Vulnerability from cvelistv5 – Published: 2024-10-11 15:18 – Updated: 2024-10-11 18:59
VLAI
Title
Junos OS Evolved: Low privileged local user able to view NETCONF traceoptions files
Summary
An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.
On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows
a low-privileged user can access sensitive information compromising the confidentiality of the system.
Junos OS Evolved:
* All versions before 20.4R3-S9-EVO,
* 21.2-EVO before 21.2R3-S7-EVO,
* 21.4-EVO before 21.4R3-S5-EVO,
* 22.1-EVO before 22.1R3-S5-EVO,
* 22.2-EVO before 22.2R3-S3-EVO,
* 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,
* 22.4-EVO before 22.4R3-EVO,
* 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.
Severity
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA88106 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 20.4R3-S9-EVO
(semver)
Affected: 21.2-EVO , < 21.2R3-S7-EVO (semver) Affected: 21.4-EVO , < 21.4R3-S5-EVO (semver) Affected: 22.1-EVO , < 22.1R3-S5-EVO (semver) Affected: 22.2-EVO , < 22.2R3-S3-EVO (semver) Affected: 22.3-EVO , < 22.3R3-S2-EVO (semver) Affected: 22.4-EVO , < 22.4R3-EVO (semver) Affected: 23.2-EVO , < 23.2R1-S2-EVO, 23.2R2-EVO (semver) |
Date Public
2024-10-09 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T18:59:25.826891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:59:35.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NETCONF traceoptions are configured within the following Junos hierarchy:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[system services netconf traceoptions]\u003c/tt\u003e"
}
],
"value": "NETCONF traceoptions are configured within the following Junos hierarchy:\n\n[system services netconf traceoptions]"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An\u0026nbsp;Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.\u003cbr\u003e\u003cbr\u003e\n\nOn all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows \n\na low-privileged user can access sensitive information compromising the confidentiality of the system.\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eJunos OS Evolved:\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.2-EVO before 21.2R3-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.4-EVO before 21.4R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.1-EVO before 22.1R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2-EVO before 22.2R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An\u00a0Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.\n\n\n\nOn all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows \n\na low-privileged user can access sensitive information compromising the confidentiality of the system.\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n\n * All versions before 20.4R3-S9-EVO,\u00a0\n * 21.2-EVO before 21.2R3-S7-EVO,\u00a0\n * 21.4-EVO before 21.4R3-S5-EVO,\u00a0\n * 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,\u00a0\n * 22.4-EVO before 22.4R3-EVO,\u00a0\n * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:18:38.836Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA88106"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;Junos OS Evolved 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003ch3\u003eRestoration:\u003cbr\u003e\u003c/h3\u003eTo completely remediate this issue, any previously written traceoptions log files should be deleted or have their file permissions changed. See Workaround section above for details."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0Junos OS Evolved 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\nRestoration:\nTo completely remediate this issue, any previously written traceoptions log files should be deleted or have their file permissions changed. See Workaround section above for details."
}
],
"source": {
"advisory": "JSA88106",
"defect": [
"1752889"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Low privileged local user able to view NETCONF traceoptions files",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable NETCONF traceoptions and delete any existing traceoptions files in /var/log.\u003cbr\u003e\u003cbr\u003eManually modify the permissions of the NETCONF log file to restore the correct group ownership:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@junos\u0026gt; file change-owner group root /var/log/netconflog.log\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Disable NETCONF traceoptions and delete any existing traceoptions files in /var/log.\n\nManually modify the permissions of the NETCONF log file to restore the correct group ownership:\n\nuser@junos\u003e file change-owner group root /var/log/netconflog.log"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39544",
"datePublished": "2024-10-11T15:18:38.836Z",
"dateReserved": "2024-06-25T15:12:53.245Z",
"dateUpdated": "2024-10-11T18:59:35.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4030 (GCVE-0-2024-4030)
Vulnerability from cvelistv5 – Published: 2024-05-07 21:02 – Updated: 2024-09-07 02:44
VLAI
Title
tempfile.mkdtemp() may be readable and writeable by all users on Windows
Summary
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
Severity
7.1 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
15 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.15 (python) Affected: 3.11.0 , < 3.11.10 (python) Affected: 3.12.0 , < 3.12.4 (python) Affected: 3.13.0a1 , < 3.13.0b1 (python) |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "3.13.0a1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:32:37.215710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:02.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/118486"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240705-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.4",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0b1",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aobo Wang"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn Windows a directory returned by \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003etempfile.mkdtemp()\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\u003c/span\u003e\u003c/p\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003emkdir\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e function on Windows which is used by \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003emkdtemp()\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e to ensure the newly created directory has the proper permissions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-07T02:44:36.613Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/118486"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240705-0005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "tempfile.mkdtemp() may be readable and writeable by all users on Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-4030",
"datePublished": "2024-05-07T21:02:55.284Z",
"dateReserved": "2024-04-22T14:49:13.316Z",
"dateUpdated": "2024-09-07T02:44:36.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4229 (GCVE-0-2024-4229)
Vulnerability from cvelistv5 – Published: 2024-12-19 07:20 – Updated: 2024-12-19 16:38
VLAI
Summary
Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.
Severity
7.8 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.edgecross.org/client_info/EDGECROSS/v… | vendor-advisory |
| https://jvn.jp/vu/JVNVU92857077/index.html | government-resource |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Edgecross Consortium | Edgecross Basic Software for Windows |
Affected:
versions 1.00 and later
|
|
| Edgecross Consortium | Edgecross Basic Software for Developers |
Affected:
versions 1.00 and later
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:27:51.352323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:12.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Edgecross Basic Software for Windows",
"vendor": "Edgecross Consortium",
"versions": [
{
"status": "affected",
"version": "versions 1.00 and later"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edgecross Basic Software for Developers",
"vendor": "Edgecross Consortium",
"versions": [
{
"status": "affected",
"version": "versions 1.00 and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify."
}
],
"value": "Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Arbitrary Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T07:20:54.952Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.edgecross.org/client_info/EDGECROSS/view/userweb/ext/en/data-download/pdf/ECD-TE10-0003-01-EN.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU92857077/index.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-4229",
"datePublished": "2024-12-19T07:20:54.952Z",
"dateReserved": "2024-04-26T08:56:44.357Z",
"dateUpdated": "2024-12-19T16:38:12.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42419 (GCVE-0-2024-42419)
Vulnerability from cvelistv5 – Published: 2025-02-12 21:18 – Updated: 2025-02-13 15:19
VLAI
Summary
Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity
6.7 (Medium)
CWE
- Escalation of Privilege
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) GPA and Intel(R) GPA Framework software installers |
Affected:
See references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T15:19:14.881935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T15:19:23.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA and Intel(R) GPA Framework software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T21:18:52.201Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01233.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01233.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-42419",
"datePublished": "2025-02-12T21:18:52.201Z",
"dateReserved": "2024-08-01T03:00:08.557Z",
"dateUpdated": "2025-02-13T15:19:23.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43166 (GCVE-0-2024-43166)
Vulnerability from cvelistv5 – Published: 2025-09-03 09:10 – Updated: 2025-11-04 21:08
VLAI
Summary
Incorrect Default Permissions vulnerability in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.2.2.
Users are recommended to upgrade to version 3.3.1, which fixes the issue.
Severity
No CVSS data available.
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/8zd69zkkx55qp365x… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache DolphinScheduler |
Affected:
0 , < 3.2.2
(maven)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-43166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T13:44:48.062064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T15:43:19.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:08:48.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/03/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache DolphinScheduler",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "L0ne1y"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect Default Permissions vulnerability in Apache DolphinScheduler.\u003c/p\u003e\u003cp\u003eThis issue affects Apache DolphinScheduler: before 3.2.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e3.3.1\u003c/span\u003e, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Incorrect Default Permissions vulnerability in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T09:10:24.401Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-43166",
"datePublished": "2025-09-03T09:10:24.401Z",
"dateReserved": "2024-08-07T10:39:22.903Z",
"dateUpdated": "2025-11-04T21:08:48.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43791 (GCVE-0-2024-43791)
Vulnerability from cvelistv5 – Published: 2024-08-23 14:39 – Updated: 2024-08-23 18:10
VLAI
Title
RequestStore has Incorrect Default Permissions
Summary
RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.
Severity
7.8 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/steveklabnik/request_store/sec… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| steveklabnik | request_store |
Affected:
= 1.3.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:steveklabnik:request_store:1.3.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "request_store",
"vendor": "steveklabnik",
"versions": [
{
"status": "affected",
"version": "1.3.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T15:12:43.345505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T18:10:50.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "request_store",
"vendor": "steveklabnik",
"versions": [
{
"status": "affected",
"version": "= 1.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:39:10.641Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/steveklabnik/request_store/security/advisories/GHSA-frp2-5qfc-7r8m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/steveklabnik/request_store/security/advisories/GHSA-frp2-5qfc-7r8m"
}
],
"source": {
"advisory": "GHSA-frp2-5qfc-7r8m",
"discovery": "UNKNOWN"
},
"title": "RequestStore has Incorrect Default Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43791",
"datePublished": "2024-08-23T14:39:10.641Z",
"dateReserved": "2024-08-16T14:20:37.324Z",
"dateUpdated": "2024-08-23T18:10:50.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45067 (GCVE-0-2024-45067)
Vulnerability from cvelistv5 – Published: 2025-05-14 22:16 – Updated: 2026-02-26 18:28
VLAI
Summary
Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity
8.2 (High)
CWE
- Escalation of Privilege
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Gaudi(R) software installers |
Affected:
before version 1.18
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45067",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-17T03:56:08.304041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:07.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Gaudi(R) software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T22:16:43.735Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01271.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01271.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-45067",
"datePublished": "2025-05-14T22:16:43.735Z",
"dateReserved": "2024-10-09T02:59:22.175Z",
"dateUpdated": "2026-02-26T18:28:07.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46544 (GCVE-0-2024-46544)
Vulnerability from cvelistv5 – Published: 2024-09-23 10:43 – Updated: 2024-10-31 19:59
VLAI
Title
Apache Tomcat Connectors: mod_jk: local users can view and modify configuration
Summary
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.
This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected.
Users are recommended to upgrade to version 1.2.50, which fixes the issue.
Severity
No CVSS data available.
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/q1gp7cc38hs1r8gj8… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat Connectors |
Affected:
1.2.9-beta , ≤ 1.2.49
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-14T21:02:40.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/23/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00010.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T17:36:05.907638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T19:59:53.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat Connectors",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.2.49",
"status": "affected",
"version": "1.2.9-beta",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.2.50, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.\n\nThis issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected.\n\nUsers are recommended to upgrade to version 1.2.50, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T10:43:57.123Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Tomcat Connectors: mod_jk: local users can view and modify configuration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-46544",
"datePublished": "2024-09-23T10:43:57.123Z",
"dateReserved": "2024-09-11T07:19:56.829Z",
"dateUpdated": "2024-10-31T19:59:53.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.