CVE-2017-15131

HIGH

Freedesktop Xdg-user-dirs < 0.15.5 - Improper Access Control

Title source: rule

Description

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

References (3)

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1412762

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0842

[Mailing List] https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 32.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-284 CWE-276

Status published

Affected Products (2)

freedesktop/xdg-user-dirs < 0.15.5

redhat/enterprise_linux

Timeline

Published Jan 09, 2018

Tracked Since Feb 18, 2026