It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may exploit this flaw by waiting for a legitimate user to run sos-collector and then stealing the collected data from the /var/tmp directory.
CVSS 2.0
Severity: LOW
Problem Type: CWE-732, CWE-276
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 7.6 |
| sos-collector_project | sos-collector | 1.4 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
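
The permission flaw described above, shown as an added Python example that is not sos-collector's own code: a file created with the process's default umask ends up world-readable, a file created with an explicit 0600 mode does not, and a small audit function lists regular files in a directory that any local user can read. The function names, file names and file contents are hypothetical and constructed for the demonstration.

```python
import os
import stat
import tempfile


def create_default(path, data):
    # Weak pattern (CWE-276): the mode is left to the process umask,
    # which yields 0644 under the common umask of 022.
    with open(path, "wb") as fh:
        fh.write(data)


def create_private(path, data):
    # Hardened pattern: request 0600 at creation time and refuse to
    # reuse an existing path (O_EXCL also rejects a pre-planted symlink).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def exposed_files(directory):
    """Return sorted names of regular files that 'other' users can read."""
    hits = []
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            mode = entry.stat(follow_symlinks=False).st_mode
            if mode & stat.S_IROTH:
                hits.append(entry.name)
    return sorted(hits)


def demo():
    # Pin the umask to 022 so the result does not depend on the caller's shell.
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            sample = b"constructed sample data"
            create_default(os.path.join(d, "report-default.tar"), sample)
            create_private(os.path.join(d, "report-private.tar"), sample)
            return exposed_files(d)
    finally:
        os.umask(old)


if __name__ == "__main__":
    print(demo())
```

Calling `exposed_files("/var/tmp")` on a host applies the same check to the directory named in the advisory.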