Bug 2307601 (CVE-2024-43791)

Summary: CVE-2024-43791 RequestStore: Incorrect Default Permissions in request_store 1.3.2
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: akostadi, amasferr, bbuckingham, caswilli, cbartlet, chazlett, dmayorov, ehelms, ggainey, jlledo, juwatts, kaycoth, mhulan, mkudlej, mmakovy, nmoumoul, pcreech, rchan, tjochec, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in RequestStore, which provides per-request global storage. This flaw allows a malicious user to execute arbitrary code due to global permission issues.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2024-08-23 15:20:51 UTC 
RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.