4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a “7,” which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | augeas | < 1.2.0-0.1 | augeas_1.2.0-0.1_all.deb |
Debian | 11 | all | augeas | < 1.2.0-0.1 | augeas_1.2.0-0.1_all.deb |
Debian | 999 | all | augeas | < 1.2.0-0.1 | augeas_1.2.0-0.1_all.deb |
Debian | 13 | all | augeas | < 1.2.0-0.1 | augeas_1.2.0-0.1_all.deb |