GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2017/10/31/1 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/101671 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2017-10-31 20:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-1000383
Mitre link : CVE-2017-1000383
CVE.ORG link : CVE-2017-1000383
JSON object : View
Products Affected
gnu
- emacs
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor