Vulnerability Information
Vulnerability Title
Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Vulnerability Description
Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the Spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions.
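As an added illustration (not Spotipy's own code), the permissive creation pattern beside an owner-only one, plus a check that reports whether a token cache is readable by other users on the machine; the helper names and the sample token payload are constructed for this example:

```python
import os
import stat
import tempfile

# Constructed sample payload for this example; helper names below are hypothetical.
SAMPLE_TOKEN_INFO = '{"access_token": "EXAMPLE-NOT-A-REAL-TOKEN", "scope": "user-read-private"}'

def write_cache_broad(path: str, data: str) -> None:
    """Pre-2.25.1 pattern: plain open() creates the file as 0o666 masked by the
    umask, typically 0o644, so other local users can read the token."""
    with open(path, "w") as f:
        f.write(data)

def write_cache_owner_only(path: str, data: str) -> None:
    """Hardened pattern: pass mode 0o600 at creation time so the file is never
    group- or world-readable, not even briefly, regardless of the umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    # os.open's mode only applies when the file is created; tighten a
    # pre-existing cache file that may still carry broader permissions.
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)

def cache_mode(path: str) -> int:
    """Return the permission bits of the cache file (e.g. 0o644 or 0o600)."""
    return stat.S_IMODE(os.stat(path).st_mode)

def is_exposed(path: str) -> bool:
    """True if group or others have any access to the cache file."""
    return bool(cache_mode(path) & (stat.S_IRWXG | stat.S_IRWXO))

def demo() -> dict:
    """Write the same cache both ways under a common umask and report the modes."""
    old_umask = os.umask(0o022)  # typical default umask; restored below
    try:
        with tempfile.TemporaryDirectory() as d:
            broad = os.path.join(d, ".cache-broad")
            tight = os.path.join(d, ".cache-tight")
            write_cache_broad(broad, SAMPLE_TOKEN_INFO)
            write_cache_owner_only(tight, SAMPLE_TOKEN_INFO)
            return {
                "broad_mode": cache_mode(broad),
                "broad_exposed": is_exposed(broad),
                "tight_mode": cache_mode(tight),
                "tight_exposed": is_exposed(tight),
            }
    finally:
        os.umask(old_umask)
```

`is_exposed` is the check to run against an existing `.cache` file on a shared host before deciding whether the stored token should be treated as compromised.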
CVSS Information
N/A
Vulnerability Type
Incorrect Default Permissions
Vulnerability Title
Spotipy Security Vulnerability
Vulnerability Description
Spotipy is a lightweight Python library for the Spotify Web API developed by the individual developer spotipy-dev. Spotipy versions prior to 2.25.1 contain a security vulnerability: the cache file created by the CacheHandler class has overly permissive permissions, which may lead to disclosure of the Spotify authentication token.
CVSS Information
N/A
Vulnerability Type
N/A