Vulnerability Details : CVE-2013-0347
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2013-0347
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-0347
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-0347
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0347
-
http://seclists.org/oss-sec/2013/q1/404
oss-sec: CVE request: webfs world-readable logExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/82356
webfs webfsd.log information disclosure CVE-2013-0347 Vulnerability Report
-
http://seclists.org/oss-sec/2013/q1/405
oss-sec: Re: CVE request: webfs world-readable logExploit
-
http://www.securityfocus.com/bid/58126
webfs 'webfsd.log' Insecure File Permissions Vulnerability
-
http://seclists.org/oss-sec/2013/q1/415
oss-sec: Re: Re: CVE request: webfs world-readable logExploit
Products affected by CVE-2013-0347
- cpe:2.3:a:webfs:webfs:-:*:*:*:*:*:*:*