CVE-2012-5577
Base Score: 7.5 (HIGH)
Python keyring lib before 0.10 created keyring files with world-readable permissions.
Vector: NETWORK
Published By: secalert@redhat.com
Published Date: Oct 28, 2019, 17:15
Affected Versions (1)
Package (Ecosystem): keyring (PyPI)
Introduced: 0
Fixed: 0.10
Limit: N/A
Weakness Type (CWE): CWE-276
CVSS Metrics (CVSS v3.1)
Base Score: 7.5
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Severity: HIGH
Version: 3.1
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE
References
http://www.openwall.com/lists/oss-security/2012/11/27/3
https://bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1
https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577
https://security-tracker.debian.org/tracker/CVE-2012-5577