vulnerability
Oracle Linux: CVE-2017-15131: ELSA-2018-0842: xdg-user-dirs security and bug fix update (LOW) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
2 | (AV:L/AC:L/Au:S/C:P/I:N/A:N) | Jan 12, 2017 | Apr 19, 2018 | Jan 7, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published
Jan 12, 2017
Added
Apr 19, 2018
Modified
Jan 7, 2025
Description
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.
It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.
Solution
oracle-linux-upgrade-xdg-user-dirs

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.