Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Halloy has insecure file permissions on credential files
Vulnerability Description
Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in `0644` on files and `0755` on directories. This allows any local user on the system to read plaintext credentials stored in `config.toml` or referenced `password_file` paths. Commit f180e41061db393acf65bc99f5c5e7397586d9cb patches the issue.
CVSS Information
N/A
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
Halloy 安全漏洞
Vulnerability Description
Halloy是Squidowl开源的一个跨平台IRC客户端。 Halloy存在安全漏洞,该漏洞源于配置文件权限设置不当,可能导致本地用户读取明文凭据。
CVSS Information
N/A
Vulnerability Type
N/A