Information Exposure Affecting frr package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-FRR-569459
- published 18 May 2020
- disclosed 13 May 2020
Introduced: 13 May 2020
CVE-2020-12831 Open this link in a new tabHow to fix?
There is no fixed version for Debian:10 frr.
NVD Description
Note: Versions mentioned in the description apply only to the upstream frr package and not the frr package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file