PT-2023-23714 · Planet · Planet
Jreiber · Published 2023-05-12 · Updated 2023-05-26
CVE-2023-32303
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Planet versions prior to 2.0.1
Description
The issue concerns the permissions of a secret file that stores the user's Planet API authentication information. This file should only be accessible by the user, but due to incorrect permissions, it was also readable by the user's group and non-group members. The problem was resolved in version 2.0.1.
Recommendations
For versions prior to 2.0.1, manually restrict the secret file to user read/write only with the command:
chmod 600 ~/.planet.json
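The check and fix above can be scripted. This is an added example, not code from the advisory or from the Planet project: it detects group/other permission bits on a credentials file, applies the equivalent of `chmod 600`, and shows one way to write a secret so it is owner-only from the start. The function names, the temporary file standing in for `~/.planet.json`, and its contents are assumptions made for illustration.

```python
import os
import stat
import tempfile

OWNER_RW = stat.S_IRUSR | stat.S_IWUSR     # 0o600
NON_OWNER = stat.S_IRWXG | stat.S_IRWXO    # 0o077: every group/other bit

def exposed_bits(path):
    """Return the group/other permission bits set on path; 0 means owner-only."""
    return stat.S_IMODE(os.stat(path).st_mode) & NON_OWNER

def tighten(path):
    """Same effect as `chmod 600 path`; returns the resulting mode."""
    os.chmod(path, OWNER_RW)
    return stat.S_IMODE(os.stat(path).st_mode)

def write_secret(path, text):
    """Write a secret so the file is owner-only before any data lands in it."""
    # The mode argument is honoured only when the file is created ...
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, OWNER_RW)
    with os.fdopen(fd, "w") as f:
        # ... so enforce it explicitly for a file that already existed.
        os.fchmod(fd, OWNER_RW)
        f.write(text)
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    """Run the audit, fix and safe-write steps on a constructed sample file."""
    sample = '{"key": "CONSTRUCTED-PLACEHOLDER"}'   # constructed, not a real key
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "planet.json")       # stand-in for ~/.planet.json
        with open(path, "w") as f:
            f.write(sample)
        os.chmod(path, 0o644)                        # simulate the affected state
        found = exposed_bits(path)                   # group and other can read
        fixed = tighten(path)
        os.chmod(path, 0o644)                        # loosen again, then rewrite
        rewritten = write_secret(path, sample)
        return found, fixed, rewritten, exposed_bits(path)

if __name__ == "__main__":
    print([oct(v) for v in demo()])
```

To audit a real installation, call `exposed_bits(os.path.expanduser("~/.planet.json"))`; any non-zero result means the file is readable or writable beyond its owner.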
Fix
Incorrect Permission
Weakness Enumeration
Related identifiers
Affected products
Planet