GHSA-cpcw-p965-wpqx

Suggest an improvement
Source
https://github.com/advisories/GHSA-cpcw-p965-wpqx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cpcw-p965-wpqx/GHSA-cpcw-p965-wpqx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cpcw-p965-wpqx
Aliases
Published
2022-05-24T17:21:16Z
Modified
2024-02-18T05:42:06.923491Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
rtslib-fb weak permissions for /etc/target/saveconfig.json file
Details

Python rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

References

Affected packages

PyPI / rtslib-fb

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.73

Affected versions

2.*

2.1.31
2.1.32
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.40
2.1.43
2.1.47
2.1.49
2.1.51
2.1.56
2.1.57
2.1.58
2.1.61
2.1.62
2.1.63
2.1.64
2.1.65
2.1.66
2.1.69
2.1.71
2.1.72

Ecosystem specific

{
    "affected_functions": [
        "rtslib.root.RTSRoot.save_to_file"
    ]
}

Database specific

{
    "last_known_affected_version_range": "<= 2.1.72"
}