CVE-2018-0023
Summary
| CVE | CVE-2018-0023 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-11 19:29:00 UTC |
| Updated | 2019-10-09 23:31:00 UTC |
| Description | JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github. |
Risk And Classification
Problem Types: CWE-276
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2018-04 Security Bulletin: Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission (CVE-2018-0023) - Juniper Networks | CONFIRM | kb.juniper.net | Mitigation, Vendor Advisory |
| Juniper JSNAPy CVE-2018-0023 Local Insecure File Permissions Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 980939 Python (pip) Security Update for jsnapy (GHSA-qc55-vm3j-74gp)