Incorrect Permission Assignment for Critical Resource

CVE-2023-49582

Medium

5.5/10

Summary

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users to read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect Non-Unix platforms, or builds with "APR_USE_SHMEM_SHMGET=1" ("apr.h"). This vulnerability affects apr package versions 0.9.0 through 1.7.4. Users are recommended to upgrade, which fixes this issue.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

Advisory
Mail Thread
Release Note

Advisory Timeline

Published Aug 26, 2024

Incorrect Permission Assignment for Critical Resource

CVE-2023-49582

Summary

CWE-732 - Incorrect Permission Assignment for Critical Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS