CVE-2022-45473: world-readable logfile #241
Comments
davehorton added a commit that referenced this issue Nov 23, 2022
davehorton added a commit that referenced this issue Nov 24, 2022
fixed in v0.8.19-rc12

CVE-2022-45473 has been assigned to this issue.

Could you please update the various entries you made out in the world to indicate this is fixed?

I don't know what "entries you made out in the world" stands for. The CVE was requested when the issue was unfixed. When it was fixed I sent an update, but the update on nvd.nist.gov does not depend on me.
Hello,
when drachtio-server starts, it creates /var/log/drachtio with mode 777. This leads to a disclosure because a local user can retrieve sensitive data (like IP and so on).
Here are the details:
To fix this issue, /var/log/drachtio should be created with mode 770.
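
One way to check a host for the condition reported here and tighten it, as an added example that is not part of the original issue or of the drachtio-server code base. The function names are hypothetical, and clearing the "other" bits on files inside the directory as well is an assumption that goes beyond the directory mode named in the report.

```shell
#!/bin/sh
# Added example: audit a log directory for entries readable, writable or
# searchable by "other" users, then remove those bits.
# LOG_DIR defaults to the path from the issue; function names are hypothetical.

LOG_DIR="${LOG_DIR:-/var/log/drachtio}"

# Print every entry under $1 (the directory itself included) that grants
# any permission bit to "other". Symlinks are skipped: their own mode bits
# are not what access checks use.
audit_world_access() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Number of entries reported by audit_world_access.
count_world_access() {
    audit_world_access "$1" | wc -l | tr -d ' '
}

# Clear all "other" bits: a 777 directory becomes 770, the mode the report
# asks for. Symlinks are skipped so chmod never follows a link out of the tree.
tighten_log_dir() {
    find "$1" ! -type l -exec chmod o-rwx {} +
}

# Octal mode of one path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Stand-alone use: "sh script.sh --audit" lists offending entries,
# "sh script.sh --fix" tightens them. With no argument nothing is touched.
case "${1:-}" in
    --audit) audit_world_access "$LOG_DIR" ;;
    --fix)   tighten_log_dir "$LOG_DIR" ;;
esac
```

Tightening an existing directory does not change how the server creates it on the next start, so the audit is worth re-running after an upgrade to the fixed release.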