CVE-2018-14650
published 2018-09-27CVE-2018-14650: It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any…
medium5CVSS 3.0
AVLACLPRLUIRSUCHINAN
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| sos-collector_project | sos-collector | — | — |