PT-2023-23714 · Planet · Planet
Jreiber · Published 2023-05-12 · Updated 2023-05-26 · CVE-2023-32303
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Planet versions prior to 2.0.1
Description
The issue concerns the permissions of a secret file that stores the user's Planet API authentication information. This file should only be accessible by the user, but due to incorrect permissions, it was also readable by the user's group and non-group members. The problem was resolved in version 2.0.1.
Recommendations
For versions prior to 2.0.1, manually set the secret file permissions to user read/write only, using the command
chmod 600 ~/.planet.json
Exploit
Fix
Incorrect Permission
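The check and the manual fix recommended above, together with an owner-only way to write such a file, as an added example that is not taken from the Planet code base. The function names and the sample file contents are constructed for illustration, and the demo works on a stand-in file in a temporary directory rather than the real ~/.planet.json.

```python
import os
import stat
import tempfile

GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # every group/other permission bit


def excess_bits(path):
    """Return the group/other bits set on path (0 means owner-only access)."""
    return stat.S_IMODE(os.stat(path).st_mode) & GROUP_OTHER


def tighten(path):
    """Equivalent of `chmod 600 path`; returns True if the mode had to change."""
    if stat.S_IMODE(os.stat(path).st_mode) == 0o600:
        return False
    os.chmod(path, 0o600)
    return True


def write_secret(path, data):
    """Write data so the file is never group/other readable, even briefly."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # The mode passed to os.open is ignored when the file already exists,
        # so set it explicitly on the open descriptor before writing.
        os.fchmod(fd, 0o600)
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def demo():
    """Audit, fix and rewrite a constructed stand-in for ~/.planet.json."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".planet.json")
        with open(path, "w") as f:
            f.write('{"key": "CONSTRUCTED-NOT-A-REAL-KEY"}')
        os.chmod(path, 0o644)  # simulate the exposed state described above
        before = excess_bits(path)
        changed = tighten(path)
        after = excess_bits(path)
        write_secret(path, '{"key": "CONSTRUCTED-SECOND-KEY"}')
        return before, changed, after, stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    print([oct(v) if isinstance(v, int) and not isinstance(v, bool) else v
           for v in demo()])
```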
Weakness Enumeration
Related Identifiers
Affected Products
Planet