---

CVE-2017-1000382 - log back

CVE-2017-1000382 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Local
Type	+ Information disclosure
Description	+ VIM ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. An attacker might search for vim swap files in order to retrieve security sensible data.
References	+ https://github.com/vim/vim/issues/2295 + http://www.openwall.com/lists/oss-security/2017/10/31/15
Notes