CWE-732: Insecure Directory Permissions #4222

omordyk · 2025-01-09T09:13:49Z

Description:
CWE-732: Insecure Directory Permissions
A sensitive sink functions were discovered. It causes a High severity Insecure Directory Permissions vulnerability.

The permission mode is passed as an integer to the os.MkdirAll function, which can lead to unintended permissions. The issue stems from how the permissions are specified in Go. The resulting permissions may be interpreted incorrectly.
To prevent unintended permissions, you should specify the mode in octal format.

List of problem places:

cluster_install_files.go:154
css.go:340
certificate.go:44
dependency.go:241
policy_file.go:916
resource_manager.go:97
utils.go:402
cluster_install_files.go:444
utils.go:421

https://cwe.mitre.org/data/definitions/732.html

The text was updated successfully, but these errors were encountered:

Signed-off-by: Oleksandr Mordyk <[email protected]>

omordyk added the security label Jan 9, 2025

omordyk self-assigned this Jan 9, 2025

omordyk added a commit that referenced this issue Jan 9, 2025

#4222 - CWE-732: Insecure Directory Permissions vulnerabilities

1a19086

Signed-off-by: Oleksandr Mordyk <[email protected]>

omordyk linked a pull request Jan 9, 2025 that will close this issue

CWE-732: Insecure Directory Permissions #4223

Open

12 tasks

omordyk added a commit that referenced this issue Jan 9, 2025

#4222 - CWE-732: Insecure Directory Permissions vulnerabilities

4b108aa

Signed-off-by: Oleksandr Mordyk <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CWE-732: Insecure Directory Permissions #4222

CWE-732: Insecure Directory Permissions #4222

omordyk commented Jan 9, 2025 •

edited

Loading

CWE-732: Insecure Directory Permissions #4222

CWE-732: Insecure Directory Permissions #4222

Comments

omordyk commented Jan 9, 2025 • edited Loading

omordyk commented Jan 9, 2025 •

edited

Loading