Secudos · Secudos Qiata · CVE-2023-40361
**Name of the Vulnerable Software and Affected Versions**
SECUDOS Qiata (DOMOS OS) version 4.13
**Description**
The `previewRm.sh` script, which runs as a daily cronjob, has insecure permissions: every user on the system has write permission for `previewRm.sh`, and the script is executed by the root user. To exploit this, an attacker needs access to the underlying DOMOS system as a low-privileged user.
**Recommendations**
For SECUDOS Qiata (DOMOS OS) version 4.13, consider restricting write permissions for the `previewRm.sh` script to prevent low-privileged users from modifying it. As a temporary workaround, consider disabling the execution of the `previewRm.sh` cronjob until a patch is available.
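One way to check a system for the condition described above is to audit the scripts that root's cron executes for unsafe write access. This is an added example, not code from the advisory or from SECUDOS. The directory is passed as an argument because the advisory does not give the path of `previewRm.sh`; the function name and the finding labels are illustrative.

```shell
#!/bin/sh
# Added example: list cron scripts that accounts other than their owner can modify.
# Usage: audit_cron_scripts DIR [OWNER_UID]   (OWNER_UID defaults to 0, i.e. root)
# Prints one finding per line as "<LABEL> <path>"; no output means no findings.
audit_cron_scripts() {
    dir=$1
    owner=${2:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    {
        # Any local user can rewrite the script (the condition in the advisory).
        find "$dir" -type f -perm -0002 | sed 's/^/WORLD_WRITABLE /'
        # Members of the file's group can rewrite it.
        find "$dir" -type f -perm -0020 ! -perm -0002 | sed 's/^/GROUP_WRITABLE /'
        # The file belongs to an account other than the one that runs it.
        find "$dir" -type f ! -user "$owner" | sed 's/^/FOREIGN_OWNER /'
        # A world-writable directory without the sticky bit lets any user
        # replace the files inside it, whatever the files' own modes are.
        find "$dir" -type d -perm -0002 ! -perm -1000 | sed 's/^/WRITABLE_DIR /'
    } | sort
}

# Demonstration on constructed files in a temporary directory (not real
# Qiata paths). The current UID stands in for root so it runs unprivileged.
demo=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo/previewRm.sh"; chmod 0777 "$demo/previewRm.sh"
printf '#!/bin/sh\n' > "$demo/rotate.sh";    chmod 0755 "$demo/rotate.sh"

echo "Before restricting permissions:"
audit_cron_scripts "$demo" "$(id -u)"

# The recommendation above: remove write permission for group and others.
chmod go-w "$demo/previewRm.sh"
echo "After chmod go-w:"
audit_cron_scripts "$demo" "$(id -u)"

rm -rf "$demo"
```

On a real system, run the function as root against the directory that holds the cron script and leave the owner argument at its default.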