← Back

CVE-2018-0023

nvd nist
Published: Apr 11, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.

Affected (1)

Products: Juniper: Jsnapy
Juniper
1 product
Jsnapy
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Jsnapy
Before 1.3.0

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

Source: sirt@juniper.net
Third Party AdvisoryVDB Entry
Source: sirt@juniper.net
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.