5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.8%
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=649384
git.savannah.gnu.org/gitweb/?p=gnash.git%3Ba=commitdiff%3Bh=fa481c116e65ccf9137c7ddc8abc3cf05dc12f55
lists.opensuse.org/opensuse-updates/2012-03/msg00003.html
lists.opensuse.org/opensuse-updates/2012-03/msg00026.html
secunia.com/advisories/48325
secunia.com/advisories/48466
www.debian.org/security/2012/dsa-2435
www.openwall.com/lists/oss-security/2011/11/21/12
www.openwall.com/lists/oss-security/2011/11/21/7
www.osvdb.org/77243
www.securityfocus.com/bid/50747
bugzilla.redhat.com/show_bug.cgi?id=755518
More