How severe is CVE-2018-0023?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2018-0023?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2018-0023 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.

Related Vulnerabilities

CVE-2002-1713

MEDIUM

CVSS:5.5(Medium)

The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.

CWE-2762002

CVE-2012-6136

MEDIUM

CVSS:5.5(Medium)

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

CWE-2762012

CVE-2013-1425

MEDIUM

CVSS:5.5(Medium)

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

CWE-2762013

CVE-2013-4281

MEDIUM

CVSS:5.5(Medium)

In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

CWE-2762013

CVE-2017-6404

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.

CWE-2762017

CVE-2017-7761

MEDIUM

CVSS:5.5(Medium)

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), pr...

CWE-2762017