PT-2018-8571 · Juniper Networks · Jsnapy

Published: 2018-04-11 · Updated: 2019-10-09 · CVE-2018-0023

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: JSNAPy versions prior to 1.3.0
Description: The default configuration and sample files of the JSNAPy automation tool have insecure file and directory permissions, allowing unprivileged local users to alter files and insert unintended operations. This issue affects users who downloaded and installed JSNAPy from GitHub.
Recommendations: For JSNAPy versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting write access to the configuration and sample files to prevent unauthorized modifications.
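
One way to apply the temporary workaround is sketched below as an added example; it is not code from JSNAPy or from this advisory. It lists every file and directory under a given tree that group or other users can write to, and can clear those write bits. The directory is supplied by the caller because this page does not name the installation paths, and the function names `find_loose` and `tighten` are hypothetical.

```python
import os
import stat
import sys

# Write bits for group and other; the owner's write bit is left untouched.
LOOSE = stat.S_IWGRP | stat.S_IWOTH


def find_loose(root):
    """Return sorted (path, mode) pairs under root writable by group or other."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # Check the directory itself too: a writable directory lets a local
        # user replace a config or sample file even if the file is read-only.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            mode = stat.S_IMODE(st.st_mode)
            if mode & LOOSE:
                hits.append((path, mode))
    return sorted(hits)


def tighten(root):
    """Clear group/other write bits on everything find_loose reports."""
    fixed = []
    for path, mode in find_loose(root):
        os.chmod(path, mode & ~LOOSE)
        fixed.append(path)
    return fixed


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: audit_perms.py <config-dir> [--fix]")
    target = sys.argv[1]  # assumption: the JSNAPy config/sample directory
    for path, mode in find_loose(target):
        print(f"{mode:04o} {path}")
    if "--fix" in sys.argv[2:]:
        for path in tighten(target):
            print(f"tightened {path}")
```

Run it without `--fix` first to review what would change; files already modified by another local user are not detected by a permission check and need to be compared against a known-good copy.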

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2018-0023
GHSA-QC55-VM3J-74GP
PYSEC-2018-84

Affected Products

Jsnapy