Incorrect Default Permissions
CVE-2024-34679
Summary
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
References
Advisory Timeline
- Published
