{
  "threat_severity" : "Low",
  "public_date" : "2013-11-20T00:00:00Z",
  "bugzilla" : {
    "description" : "luci: short exposure of authentication secrets while generating configuration file",
    "id" : "988998",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=988998"
  },
  "cvss" : {
    "cvss_base_score" : "1.9",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as \"authentication secrets.\"", "A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file." ],
  "acknowledgement" : "This issue was discovered by Jan Pokorný (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-11-20T00:00:00Z",
    "advisory" : "RHSA-2013:1603",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "luci-0:0.26.0-48.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-4481\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4481" ],
  "name" : "CVE-2013-4481",
  "csaw" : false
}