CVE-2017-1000382

Source
Severity Medium
Remote No
Type Information disclosure
Description
VIM ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. An attacker might search for vim swap files in order to retrieve security sensible data.
Group Package Affected Fixed Severity Status Ticket
AVG-635 gvim, vim 8.0.1530-1 8.0.1531-1 Medium Fixed
References
https://github.com/vim/vim/issues/2295
http://www.openwall.com/lists/oss-security/2017/10/31/15