All vulnerabilities
CVE-2019-13012
Description
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
7.5
Severity
High
Ecosystem
RPM
Publish Date
June 28, 2019
Modified Date
April 11, 2026
Score Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Versions
