Bug 2497443 - CVE-2026-13769 awscli2: AWS CLI: Information disclosure via overly permissive file permissions [fedora-all]
Summary: CVE-2026-13769 awscli2: AWS CLI: Information disclosure via overly permissive...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: awscli2
Version: rawhide
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Nikola Forró
QA Contact:
URL:
Whiteboard: {"flaws": ["ef22f8c5-ebca-45a4-a705-2...
Depends On:
Blocks: CVE-2026-13769
TreeView+ depends on / blocked
 
Reported: 2026-07-06 19:40 UTC by Ganesh
Modified: 2026-07-07 07:10 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2026-07-07 07:10:38 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Ganesh 2026-07-06 19:40:19 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where the umask has not been configured to restrict file permissions (the default on most systems) may allow other local users on the same host to read credentials written by certain CLI subcommands (aws codeartifact login, aws iam create-virtual-mfa-device, aws deploy register).

To remediate this issue, users should upgrade to AWS CLI 1.44.78 (v1) or 2.34.29 (v2) or later.

Comment 1 Nikola Forró 2026-07-07 07:10:38 UTC
awscli2 is at 2.35.0 in all supported Fedora releases.


Note You need to log in before you can comment on or make changes to this bug.