PT-2017-11953 · Github · Yadm
Published
2017-07-17
·
Updated
2017-07-25
·
CVE-2017-11353
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
yadm version 1.10.0
Description
The issue is related to a race condition in the behavior of git commands when setting permissions for new files and directories. This potentially allows access to SSH and PGP keys.
Recommendations
For version 1.10.0, consider updating to a newer version that addresses the race condition issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yadm