Lucene search
HistoryNov 23, 2013 - 11:55 a.m.
CVE-2013-4481
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as “authentication secrets.”
Affected configurations
Node
scientificlinuxluciMatch0.26.0
ORredhatenterprise_linuxMatch6.0
Related
cve
cve
CVE-2013-4481
2013-11-23 11:55:04
veracode
veracode
Information Disclosure
2019-01-15 08:51:38
Elevation Of Privileges By An Untrusted Search Path Vulnerability
2019-05-02 04:58:57
prion
prion
Race condition
2013-11-23 11:55:00
cvelist
cvelist
CVE-2013-4481
2013-11-23 11:00:00
redhat
redhat
(RHSA-2013:1603) Moderate: luci security, bug fix, and enhancement update
2013-11-21 00:00:00
nessus
nessus
RHEL 6 : luci (RHSA-2013:1603)
2013-11-21 00:00:00
Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20131121)
2013-12-04 00:00:00
CentOS 6 : luci (CESA-2013:1603)
2014-11-12 00:00:00
centos
centos
luci security update
2013-11-26 13:32:13
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for NVD:CVE-2013-4481