CVE-2017-15131

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
freedesktopxdg-user-dirs
𝑥
< 0.15.5
redhatenterprise_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xdg-user-dirs
bullseye
unimportant
sid
unimportant
trixie
unimportant
bookworm
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xdg-user-dirs
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
needs-triage
impish
not-affected
hirsute
ignored
groovy
ignored
focal
not-affected
eoan
ignored
disco
ignored
cosmic
ignored
bionic
not-affected
artful
ignored
zesty
ignored
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E