CVE-2017-15131 — Improper Access Control in Xdg-user-dirs
Severity
7.8HIGHNVD
EPSS
0.1%
top 67.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 9
Latest updateMay 13
Description
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
Also affects: Enterprise Linux 7.0
🔴Vulnerability Details
2GHSA▶
GHSA-q4r5-4gjj-jww9: It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs↗2022-05-13
OSV▶
CVE-2017-15131: It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs↗2018-01-09
📋Vendor Advisories
2💬Community
3Bugzilla▶
CVE-2017-15131 gnome-session: xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy [fedora-all]↗2017-05-24
Bugzilla▶
CVE-2017-15131 xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy↗2017-05-24
Bugzilla▶
CVE-2017-15131 xdg-user-dirs: xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy [fedora-all]↗2017-05-24