PYSEC-2017-72

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/sosreport/PYSEC-2017-72.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2017-72

Aliases

CVE-2015-3171
GHSA-gw46-8559-cggp

Published

2017-07-25T18:29:00Z

Modified

2024-04-29T15:11:35.255201Z

Summary

[none]

Details

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

References

https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
https://bugzilla.redhat.com/show_bug.cgi?id=1218658

Affected packages

PyPI / sosreport

Package

Name: sosreport; View open source insights on deps.dev
Purl: pkg:pypi/sosreport

Affected ranges

Type: GIT
Repo: https://github.com/sosreport/sos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d7759d3ddae5fe99a340c88a1d370d65cfa73fd6

Type: ECOSYSTEM
Events: Introduced

3.0

Affected versions

3.*

3.2.0a1

3.2