CVE-2017-18285

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:burp_project:burp:*:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-04 06:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-18285

Mitre link : CVE-2017-18285

CVE.ORG link : CVE-2017-18285


JSON object : View

Products Affected

gentoo

  • linux

burp_project

  • burp
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource