An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qNWZqLXJmaDYtcWo4Nc4AAzUI
Planet's secret file is created with excessive permissions
The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but its permissions allowed the user's group and non-group to read the file as well.
Check the permissions on the secret file with
ls -l ~/.planet.json and ensure that they read as
Set the secret file permissions to only user read/write by hand:
chmod 600 ~/.planet.json
Source: GitHub Advisory Database
Published: 7 months ago
Updated: 17 days ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-j5fj-rfh6-qj85, CVE-2023-32303
Fixed in: 2.0.1