Description
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
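The ordering problem described above, next to a write path that never exposes the contents, as an added example (not Python's own code and not from this page). The function names and the sample credentials are constructed for illustration, and POSIX file permissions are assumed.

```python
import os
import stat
import tempfile

SAMPLE = "[server-login]\nusername:alice\npassword:constructed-secret\n"  # constructed

def mode_of(path):
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)

def write_rc_racy(path, body):
    """Create, write, then restrict: the order the description reports.
    Returns the mode the file had while the secret was already on disk."""
    with open(path, "w") as f:       # created as 0o666 & ~umask
        f.write(body)
        f.flush()
        exposed = mode_of(path)      # what other local users can open now
    os.chmod(path, 0o600)            # too late, the window has been open
    return exposed

def write_rc_safe(path, body):
    """Write into a fresh 0o600 file, then rename it over the target.
    Returns the mode in force at the moment the secret was written."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".pypirc.")  # O_EXCL, 0o600
    try:
        with os.fdopen(fd, "w") as f:
            exposed = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
            f.write(body)
        # A new inode replaces any older, looser file, so a reader that
        # opened the old one earlier does not see the new contents.
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return exposed

if __name__ == "__main__":
    os.umask(0o022)                  # common default, set here for a stable demo
    with tempfile.TemporaryDirectory() as home:   # stand-in for $HOME
        rc = os.path.join(home, ".pypirc")
        print("racy: mode during write", oct(write_rc_racy(rc, SAMPLE)))
        os.chmod(rc, 0o644)          # simulate a file left loose earlier
        print("safe: mode during write", oct(write_rc_safe(rc, SAMPLE)))
        print("final mode", oct(mode_of(rc)))
```

To audit an existing account, check that `~/.pypirc` has no group or other permission bits set.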
Remediation
References