CVE-2019-17383

Published: Oct 9, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.

Affected (2)

Products: Netaddr Project: Netaddr

Netaddr Project

1 product

Netaddr

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Netaddr Project Netaddr	From 1.5.0 to 1.5.3
Netaddr Project Netaddr	From 2.0 to 2.0.4

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://github.com/dspinhirne/netaddr-rb/commit/3aac46c00a36e71905eaa619cb94d45bff6e3b51

Source: cve@mitre.org

PatchThird Party Advisory

https://rubygems.org/gems/netaddr/versions

Source: cve@mitre.org

Product

https://github.com/dspinhirne/netaddr-rb/commit/3aac46c00a36e71905eaa619cb94d45bff6e3b51

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://rubygems.org/gems/netaddr/versions

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.