Unrated severityOSV Advisory· Published Sep 27, 2018· Updated Aug 5, 2024

CVE-2018-14650

Description

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Sosreport/Sos CollectorOSV2 versions
1.4+ 1 more
- (no CPE)range: 1.4
- (no CPE)

Patches

Vulnerability mechanics

References

access.redhat.com/errata/RHSA-2018:3663mitrevendor-advisoryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65edmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000