CVE-2024-23454

MEDIUM Year: 2024
CVSS v3 Score
6.2
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.

Related Vulnerabilities

CVE-2017-14187

MEDIUM
CVSS:6.2(Medium)

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary progra...

CWE-2692017

CVE-2022-22390

MEDIUM
CVSS:6.2(Medium)

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: ...

CWE-2692022

CVE-2023-52543

MEDIUM
CVSS:6.2(Medium)

Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.

CWE-2692023

CVE-2024-33393

MEDIUM
CVSS:6.2(Medium)

An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

CWE-2692024

CVE-2013-4867

MEDIUM
CVSS:6.3(Medium)

Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking

CWE-2692013

CVE-2017-11438

MEDIUM
CVSS:6.3(Medium)

GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a s...

CWE-2692017