Impact
The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but its permissions allowed the user's group and non-group to read the file as well.
Validation
Check the permissions on the secret file with ls -l ~/.planet.json and ensure that they read as -rw-------
Patches
d71415a8
Workarounds
Set the secret file permissions to only user read/write by hand:
Impact
The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but its permissions allowed the user's group and non-group to read the file as well.
Validation
Check the permissions on the secret file with
ls -l ~/.planet.jsonand ensure that they read as-rw-------Patches
d71415a8
Workarounds
Set the secret file permissions to only user read/write by hand: