CVE-2023-32303

CVSS V2 None CVSS V3 None

Description

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.

Overview

CVE ID
CVE-2023-32303

Assigner
security-advisories@github.com

Vulnerability Status
Received

Published Version
2023-05-12T21:15:09

Last Modified Date
2023-05-12T21:15:09

Weakness Enumerations

CWE	URL
CWE-732	http://cwe.mitre.org/data/definitions/732.html

References

Reference URL	Reference Tags
https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7
https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1
https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-32303
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32303

History

Created	Old Value	New Value	Data Type	Notes
2023-05-12 22:01:01				Added to TrackCVE
2023-05-12 22:01:03			Weakness Enumeration	new