PYSEC-2017-72

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/sosreport/PYSEC-2017-72.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2017-72

Aliases

Published

2017-07-25T18:29:00Z

Modified

2026-06-10T17:02:46.030007224Z

Summary

[none]

Details

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

References

Affected packages

PyPI / sosreport

Package

Name: sosreport; View open source insights on deps.dev
Purl: pkg:pypi/sosreport

Affected ranges

Type: GIT
Repo: https://github.com/sosreport/sos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d7759d3ddae5fe99a340c88a1d370d65cfa73fd6

Type: ECOSYSTEM
Events: Introduced

3.0

Affected versions

AS7-7.*

AS7-7.1.2

as7.*

as7.1.2

r1.*

r1.6

r1.7

r1.7-6

r1.7-8

r1.8

r1.9

r2.*

r2.0

r2.1

r3.*

r3.0

Other

rhel-4-start

rhel-5-start

rhel-6-start

3.*

3.0

3.1

3.2.0a1

3.2alpha1

3.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/sosreport/PYSEC-2017-72.yaml"