PT-2022-27529 · Unknown · Drachtio-Server
Asarubboo
·
Published
2022-11-18
·
Updated
2022-11-29
·
CVE-2022-45473
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
drachtio-server version 0.8.18
Description
The issue concerns the permissions of the /var/log/drachtio directory and the drachtio.log file. Specifically, the directory has a mode of 0777 and the log file has a mode of 0666. This could potentially allow unauthorized access or modification of the log files.
Recommendations
For drachtio-server version 0.8.18, consider changing the permissions of the /var/log/drachtio directory and the drachtio.log file to more restrictive settings to minimize the risk of unauthorized access.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Drachtio-Server