CVE-2018-0023 MEDIUM

CVE-2018-0023: Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission

Vendor Juniper Networks
Product Junos Snapshot Administrator (JSNAPy)
Published April 11, 2018
Last update September 16, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.

Key dates

02Disclosure timeline

April 11, 2018 CVE published
September 16, 2024 Record updated