Ken Takata

#45670 of 53,632
5.5 Total CVSS
Vulnerabilities · 1
PT-2017-4218
5.5
2017-11-04
Vim · Vim · CVE-2017-17087
**Name of the Vulnerable Software and Affected Versions**

Vim versions prior to 8.0.1263

**Description**

The issue is related to the fileio.c component in Vim, which sets the group ownership of a .swp file to the editor's primary group. This can allow local users to obtain sensitive information by leveraging an applicable group membership. For example, if a file like /etc/shadow is owned by root:shadow with mode 0640, the corresponding .swp file /etc/.shadow.swp might be owned by root:users with the same mode, potentially exposing sensitive data.

**Recommendations**

For versions prior to 8.0.1263, update to version 8.0.1263 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and their corresponding .swp files to minimize the risk of exploitation.
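A defensive check for the condition described above, as an added example that is not part of the original advisory or of Vim's code: it walks a directory tree and reports `.swp` files that are group-readable under a different group than the file being edited. It also flags swap files whose mode grants read bits the original lacks, which goes beyond the case in the description; the function names and the dotfile naming fallback are assumptions of this example.

```python
import os
import stat
import sys
from pathlib import Path

READ_BITS = stat.S_IRGRP | stat.S_IROTH

def exposure(orig, swp):
    """Reasons the swap file is readable by more principals than the original.
    Both arguments are os.stat_result-like (st_mode, st_gid)."""
    reasons = []
    omode, smode = stat.S_IMODE(orig.st_mode), stat.S_IMODE(swp.st_mode)
    # Case from the description: same mode, but the group bits now apply to another group.
    if swp.st_gid != orig.st_gid and smode & stat.S_IRGRP:
        reasons.append(f"group-readable by gid {swp.st_gid}, original has gid {orig.st_gid}")
    # Generalisation: the swap file grants read bits the original does not.
    if smode & ~omode & READ_BITS:
        reasons.append(f"mode {smode:04o} is wider than original {omode:04o}")
    return reasons

def original_for(swp_path):
    """Map .name.swp to name; assumption: a dotfile .name keeps the swap name .name.swp."""
    stem = swp_path.name[1:-len(".swp")]
    for candidate in (stem, "." + stem):
        path = swp_path.parent / candidate
        if path.is_file():
            return path
    return None

def audit(root):
    """Walk root; return [(swap, original, reasons)] for exposed swap files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not (name.startswith(".") and name.endswith(".swp") and len(name) > 5):
                continue
            swp = Path(dirpath) / name
            swp_stat = swp.lstat()
            orig = original_for(swp)
            if orig is None or not stat.S_ISREG(swp_stat.st_mode):
                continue  # orphaned swap file or not a regular file
            reasons = exposure(orig.stat(), swp_stat)
            if reasons:
                findings.append((str(swp), str(orig), reasons))
    return findings

if __name__ == "__main__":
    for swp, orig, reasons in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{swp} (for {orig}): {'; '.join(reasons)}")
```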