Bug 1183693 - VUL-0: CVE-2021-25314: hawk2: Insecure file permissions in simulator_controller.rb
VUL-0: CVE-2021-25314: hawk2: Insecure file permissions in simulator_controll...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Dario Maiocchi
Security Team bot
https://smash.suse.de/issue/277858/
:
Depends on:
Blocks: 1180004
  Show dependency treegraph
 
Reported: 2021-03-18 09:54 UTC by Johannes Segitz
Modified: 2022-04-19 13:29 UTC (History)
10 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2021-03-18 09:54:37 UTC
+++ This bug was initially created as a clone of Bug #1182166 +++

Found by Ricardo Branco:
While doing QA for the MU's for 12-SPx I found:

/srv/www/hawk/app/controllers/simulator_controller.rb:      File.chmod(0666, tmpfile.path)

Please reference CVE-2021-25314 again when this is fixed
Comment 1 Johannes Segitz 2021-06-23 11:09:06 UTC
making public. Please submit for this
Comment 2 Aleksei Burlakov 2022-04-19 13:29:15 UTC
It was resolved in https://bugzilla.suse.com/show_bug.cgi?id=1182166