CVE-2017-15131

EUVD-2017-6592
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
freedesktopxdg-user-dirs
𝑥
< 0.15.5
redhatenterprise_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xdg-user-dirs
bookworm
unimportant
bullseye
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xdg-user-dirs
artful
ignored
bionic
not-affected
cosmic
ignored
disco
ignored
eoan
ignored
focal
not-affected
groovy
ignored
hirsute
ignored
impish
not-affected
jammy
needs-triage
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
not-affected
zesty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E