PT-2019-6792 · Python · Python Keyring Lib

Vincent Danen

Published

2019-10-28

Updated

2020-03-11

CVE-2012-5577

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Python keyring lib versions prior to 0.10

Description The issue concerns the Python keyring library, where versions before 0.10 created keyring files with world-readable permissions. This could potentially expose sensitive information.

Recommendations For versions prior to 0.10, update to version 0.10 or later to ensure keyring files are created with appropriate permissions, restricting access to sensitive information.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2012-5577

GHSA-P86X-652P-6385

PYSEC-2019-181

Affected Products

Python Keyring Lib

PT-2019-6792 · Python · Python Keyring Lib

CVE-2012-5577

Weakness Enumeration

Related Identifiers

Affected Products

References · 14