Information disclosure via overly permissive file permissions
Summary
Information disclosure via overly permissive file permissions. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-277.
- < 1.44.78
- < 2.34.29
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 1.44.78
- 2.34.29
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- To mitigate this issue, configure a more restrictive umask for users who execute AWS CLI subcommands that handle credentials. Setting a umask of `0077` or `0027` will prevent other local users from reading newly created files. This can be achieved by adding `umask 0077` (or `umask 0027`) to the user's shell profile (e.g., `~/.bashrc` or `~/.profile`). Users must log out and back in for the new umask to take effect. This mitigation applies to newly created files and does not affect existing files with overly permissive permissions.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.