GitHub Advisory DatabaseGHSA-P86X-652P-6385Incorrect Default Permissions in keyring
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.008 Low
EPSS
Percentile
81.5%
Python keyring lib before 0.10 created keyring files with world-readable permissions.
Affected configurations
References
www.openwall.com/lists/oss-security/2012/11/27/3
bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1
bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577
github.com/advisories/GHSA-p86x-652p-6385
nvd.nist.gov/vuln/detail/CVE-2012-5577
security-tracker.debian.org/tracker/CVE-2012-5577
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.008 Low
EPSS
Percentile
81.5%