CVE-2023-32303

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.
Configurations

Configuration 1 (hide)

cpe:2.3:a:planet:planet:*:*:*:*:*:*:*:*

History

26 May 2023, 17:36

Type Values Removed Values Added
CPE cpe:2.3:a:planet:planet:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References (MISC) https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7 - (MISC) https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7 - Patch
References (MISC) https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1 - (MISC) https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1 - Release Notes
References (MISC) https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85 - (MISC) https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85 - Patch, Vendor Advisory

12 May 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-12 21:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-32303

Mitre link : CVE-2023-32303

CVE.ORG link : CVE-2023-32303


JSON object : View

Products Affected

planet

  • planet
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource