{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as \"authentication secrets.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-11-23T18:10:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:1603", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.886Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:1603", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4481", "datePublished": "2013-11-23T11:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.886Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scientificlinux:luci:0.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2283AAF-A541-4E4D-8517-D94FAFF3E8EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as \"authentication secrets.\""}, {"lang": "es", "value": "Condici\u00f3n de carrera en Luci 0.26.0 crea /var/lib/luci/etc/luci.ini con permisos de escritura antes de restringir los permisos, lo que permite a usuarios locales leer archivos y obtener informaci\u00f3n sensible, tal como los \"secretos de autenticaci\u00f3n\"."}], "id": "CVE-2013-4481", "lastModified": "2019-04-22T17:48:00.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-23T11:55:04.680", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Jan Pokorn\u00fd (Red Hat).", "affected_release": [{"advisory": "RHSA-2013:1603", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "luci-0:0.26.0-48.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}], "bugzilla": {"description": "luci: short exposure of authentication secrets while generating configuration file", "id": "988998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as \"authentication secrets.\"", "A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file."], "name": "CVE-2013-4481", "public_date": "2013-11-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4481\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4481"], "threat_severity": "Low"}