Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4NngtNjUycC02Mzg1
Incorrect Default Permissions in keyring
Python keyring lib before 0.10 created keyring files with world-readable permissions.
Permalink: https://github.com/advisories/GHSA-p86x-652p-6385JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4NngtNjUycC02Mzg1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 5 years ago
Updated: 4 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00223
EPSS Percentile: 0.60512
Identifiers: GHSA-p86x-652p-6385, CVE-2012-5577
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-5577
- https://bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1
- https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577
- https://security-tracker.debian.org/tracker/CVE-2012-5577
- http://www.openwall.com/lists/oss-security/2012/11/27/3
- https://github.com/advisories/GHSA-p86x-652p-6385
- https://github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2019-181.yaml
Blast Radius: 33.1
Affected Packages
pypi:keyring
Dependent packages: 1,386Dependent repositories: 25,739
Downloads: 68,190,659 last month
Affected Version Ranges: < 0.10
Fixed in: 0.10
All affected versions: 0.5.1, 0.6.2, 0.7.1, 0.8.1, 0.9.1, 0.9.2, 0.9.3
All unaffected versions: 0.10.1, 1.1.1, 1.1.2, 1.2.1, 1.2.2, 1.2.3, 1.6.1, 2.0.1, 2.0.2, 2.0.3, 2.1.1, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.2.1, 4.1.1, 5.2.1, 5.5.1, 5.7.1, 6.1.1, 7.0.1, 7.0.2, 7.1.1, 7.1.2, 7.3.1, 8.0.1, 8.1.1, 8.4.1, 8.5.1, 8.6.1, 9.2.1, 9.3.1, 10.0.1, 10.0.2, 10.3.1, 10.3.2, 10.3.3, 10.4.0, 10.5.0, 10.5.1, 10.6.0, 11.0.0, 11.1.0, 12.0.0, 12.0.1, 12.0.2, 12.1.0, 12.2.0, 12.2.1, 13.0.0, 13.1.0, 13.2.0, 13.2.1, 15.0.0, 15.1.0, 15.2.0, 16.0.0, 16.0.1, 16.0.2, 16.1.0, 16.1.1, 17.0.0, 17.1.0, 17.1.1, 18.0.0, 18.0.1, 19.0.0, 19.0.1, 19.0.2, 19.1.0, 19.2.0, 19.3.0, 20.0.0, 20.0.1, 21.0.0, 21.1.0, 21.1.1, 21.2.0, 21.2.1, 21.3.0, 21.3.1, 21.4.0, 21.5.0, 21.6.0, 21.7.0, 21.8.0, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.1.0, 23.2.0, 23.2.1, 23.3.0, 23.4.0, 23.4.1, 23.5.0, 23.5.1, 23.6.0, 23.7.0, 23.8.0, 23.8.1, 23.8.2, 23.9.0, 23.9.1, 23.9.2, 23.9.3, 23.10.0, 23.11.0, 23.12.1, 23.13.0, 23.13.1, 24.0.0, 24.0.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.3.1, 25.0.0, 25.0.1, 25.1.0, 25.2.0, 25.2.1, 25.3.0, 25.4.0, 25.4.1, 25.5.0, 25.6.0