Red Hat CVE-2023-38037
MEDIUMSeverity by source
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file.
Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it.
All users running an affected release should either upgrade or use one of the workarounds immediately.
AnalysisAI
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. Rated medium severity (CVSS 5.5). This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Review and restrict file/resource permissions, apply principle of least privilege.
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Package Hub 15 SP5 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP4 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP5 | Fixed |
| SUSE Enterprise Storage 2.1 | Fixed |
| SUSE Enterprise Storage 3 | Fixed |
| SUSE Enterprise Storage 4 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP1 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP2 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP3 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP6 | Fixed |
| SUSE OpenStack Cloud 6 | Fixed |
| SUSE OpenStack Cloud 6-LTSS | Fixed |
| SUSE OpenStack Cloud 7 | Fixed |
| SUSE OpenStack Cloud Crowbar 8 | Fixed |
| SUSE OpenStack Cloud Crowbar 9 | Fixed |
| SUSE Package Hub 15 SP5 | Fixed |
| SUSE Package Hub 15 SP5 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today