CVE-2001-0289
published 2001-05-03CVE-2001-0289: Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other…
PriorityP414medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.74%
50.0th percentile
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joseph_allen | joe | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2001-02-28·CVSS 4.6
CVE-2001-0289 [MEDIUM] security flaw
security flaw
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
GHSA
GHSA-767p-jcph-vjj3: Joe text editor 2
ghsa_unreviewed·2022-04-30
CVE-2001-0289 [MEDIUM] GHSA-767p-jcph-vjj3: Joe text editor 2
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
No detection rules found.
http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.htmlhttp://www.debian.org/security/2001/dsa-041http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3http://www.redhat.com/support/errata/RHSA-2001-024.htmlhttp://archives.neohapsis.com/archives/bugtraq/2001-02/0490.htmlhttp://www.debian.org/security/2001/dsa-041http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3http://www.redhat.com/support/errata/RHSA-2001-024.html
2001-05-03
Published