CVE-2013-4481 — Race Condition in Luci

CWE-362 — Race Condition4 documents4 sources

Severity

1.9LOWNVD

EPSS

0.0%

top 90.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Scientificlinux Luci

Timeline

PublishedNov 23

Latest updateMay 14

Description

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDscientificlinux/luci0.26.0

Also affects: Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-ffhg-m72p-75j9: Race condition in Luci 0↗2022-05-14

▶

📋Vendor Advisories

Red Hat

luci: short exposure of authentication secrets while generating configuration file↗2013-11-20

▶

💬Community

Bugzilla

CVE-2013-4481 luci: short exposure of authentication secrets while generating configuration file↗2013-07-26

▶