CVE-2019-7306: Files or Directories Accessible to External Parties in Byobu

Severity: 7.5 HIGH (NVD), 4.3 (CNA)
EPSS: 0.3% (top 45.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17, latest update May 24

Description

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

CVEListV5 | canonical/byobu | unspecified | 5.128-0ubuntu1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, 19.04

Vulnerability Details (3)

GHSA
GHSA-2rpx-jj49-wf29: Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's (2022-05-24)
OSV
CVE-2019-7306: Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's (2020-04-17)
CVEList
Byobu apport hook uploads user's ~/.screenrc (2020-04-17)

Vendor Advisories (2)

Ubuntu
Byobu vulnerability (2022-01-18)
Debian
CVE-2019-7306: byobu - Byobu Apport hook may disclose sensitive information since it automatically uplo... (2019)