Uploaded image for project: 'Hybrid Cloud Console'
  1. Hybrid Cloud Console
  2. RHCLOUD-38801 Update caddy-ubi to close frontend CVEs
  3. RHCLOUD-37669

CVE-2024-45339 remediations/insights-remediations-frontend: Vulnerability when creating log files in github.com/golang/glog [services-remediations]

XMLWordPrintable

    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • None
    • Unset
    • Important

      Security Tracking Issue

      Do not make this issue public.

      Flaw:

      Vulnerability when creating log files in github.com/golang/glog
      https://bugzilla.redhat.com/show_bug.cgi?id=2342463

      When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

      ~~~

              rhn-engineering-apuente Adonis Puente
              rhn-support-mfindra Michal Findra
              Asa Price, mb Pierce, Muhammad Arif
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: