Skip to main content

Incorrect Default Permissions

CVE-2021-34395

Severity Medium
Score 4.2/10

Summary

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.

  • LOW
  • LOCAL
  • LOW
  • UNCHANGED
  • NONE
  • HIGH
  • LOW
  • LOW

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

  • Published