Vulnerabilities > CVE-2019-7306 - Files or Directories Accessible to External Parties vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

byobu

canonical

CWE-552

NVD

Published: 2020-04-17

Updated: 2021-07-21

Summary

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu

Vulnerable Configurations

Part	Description	Count
Application	Byobu Byobu Byobu -	1
OS	Canonical Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 18.10 Canonical Ubuntu Linux 19.04	6

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7306
https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202