PT-2020-13279 · Frrouting+4 · Frrouting Frr+4
Published: 2020-05-13 · Updated: 2024-08-04
CVE-2020-12831
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FRRouting FRR versions through 7.3.1
Description
An issue was discovered in FRRouting FRR when using the split-config feature. The init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. Some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file.
Recommendations
For versions through 7.3.1, consider changing the default permissions of the config file created by the init script to prevent world-readable access. As a temporary workaround, restrict access to the config file until a more permanent solution is applied.
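The two recommendations above, sketched as an added example (not code from FRRouting or from this advisory): creating an empty config file under a permissive umask beside a hardened creation, plus an audit and a workaround for files that already exist. The file names `bgpd.conf` and `zebra.conf`, the `*.conf` pattern and the 640 mode are assumptions chosen for illustration, and everything runs in a constructed temporary directory.

```shell
#!/bin/sh
# Added example: file names and the 640 mode are assumptions, not taken from FRR's scripts.

# Weak pattern: create an empty config file and let a permissive umask pick the mode.
create_config_weak() {
    ( umask 022; : > "$1" )          # results in mode 644 (world-readable)
}

# Hardened pattern: restrictive umask first, then set the mode explicitly so the
# result does not depend on the caller's environment.
create_config_hardened() {
    ( umask 027; : > "$1"; chmod 640 "$1" )
}

# Audit: print every *.conf file under directory $1 that "other" can read.
list_world_readable() {
    find "$1" -type f -name '*.conf' -perm -0004 -print
}

# Workaround: strip all "other" access from the files the audit reports.
restrict_configs() {
    find "$1" -type f -name '*.conf' -perm -0004 -exec chmod o-rwx {} +
}

# Demo on a constructed temporary directory (no real FRR installation is touched).
demo() {
    dir=$(mktemp -d) || return 1
    create_config_weak "$dir/bgpd.conf"
    create_config_hardened "$dir/zebra.conf"
    echo "world-readable before:"; list_world_readable "$dir"
    restrict_configs "$dir"
    echo "world-readable after:";  list_world_readable "$dir"
    rm -rf "$dir"
}
demo
```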
Incorrect Permission
Affected Products
Almalinux
Centos
Debian
Frrouting Frr
Red Hat