vulnerability

Oracle Linux: CVE-2017-15131: ELSA-2018-0842: xdg-user-dirs security and bug fix update (LOW) (Multiple Advisories)

Severity
2
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published
Jan 12, 2017
Added
Apr 19, 2018
Modified
Jan 7, 2025

Description

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.

Solution

oracle-linux-upgrade-xdg-user-dirs
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.