CVE-2017-15131
gnome-session: Xsession creation of XDG user directories does not honor system umask policy
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
Se ha descubierto que no se respeta la política system umask cuando se crean directorios de usuarios XDG, ya que Xsession obtiene xdg-user-dirs.sh antes de establecer la política umask. Esto solo afecta a xdg-user-dirs en versiones anteriores a la 0.15.5, tal y como se incluye en Red Hat Enterprise Linux.
It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-08 CVE Reserved
- 2018-01-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-276: Incorrect Default Permissions
- CWE-284: Improper Access Control
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1412762 | Issue Tracking | |
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:0842 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2017-15131 | 2018-04-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1455094 | 2018-04-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Freedesktop Search vendor "Freedesktop" | Xdg-user-dirs Search vendor "Freedesktop" for product "Xdg-user-dirs" | < 0.15.5 Search vendor "Freedesktop" for product "Xdg-user-dirs" and version " < 0.15.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
|