Incorrect Privilege Assignment Affecting vim-minimal package, versions *


low

Snyk CVSS

    Attack Complexity Low
    Confidentiality High

    Threat Intelligence

    EPSS 0.04% (11th percentile)
Expand this section
NVD
5.5 medium
Expand this section
Red Hat
5.5 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RHEL7-VIMMINIMAL-1359209
  • published 26 Jul 2021
  • disclosed 31 Oct 2017

How to fix?

There is no fixed version for RHEL:7 vim-minimal.

NVD Description

Note: Versions mentioned in the description apply only to the upstream vim-minimal package and not the vim-minimal package as distributed by RHEL. See How to fix? for RHEL:7 relevant fixed versions and status.

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.