Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0023

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.

Published

2018-04-11T19:29:00.697

Last Modified

2024-11-21T03:37:22.880

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	juniper	jsnapy	< 1.3.0	Yes

References

http://www.securityfocus.com/bid/103745 Third Party Advisory, VDB Entry ([email protected])
https://kb.juniper.net/JSA10856 Mitigation, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/103745 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://kb.juniper.net/JSA10856 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)