{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.0" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.4" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "7e09ccd3e403d3f99640c8955f22263828b06384" }, { "fixed": "72058f9253e7ed8c7243e2ff76a16d97b03d65ed" } ], "repo": "https://github.com/sosreport/sos-collector", "type": "GIT" } ] } ], "details": "It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.", "id": "CVE-2018-14650", "modified": "2026-03-13T21:54:36.508064354Z", "published": "2018-09-27T20:29:00.260Z", "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:3663" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650" }, { "type": "EVIDENCE", "url": "https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed" } ], "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }