QID 980939
QID 980939: Python (pip) Security Update for jsnapy (GHSA-qc55-vm3j-74gp)
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-qc55-vm3j-74gp for updates pertaining to this vulnerability.
Vendor References
- GHSA-qc55-vm3j-74gp -
github.com/advisories/GHSA-qc55-vm3j-74gp
CVEs related to QID 980939
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-qc55-vm3j-74gp | jsnapy |
|