CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12831

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.0480%
EPSS Percentile13.77th
PublishedMay 13, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file

Affected Platforms (CPE)

πŸ“¦
Linuxfoundation

Free Range Routing

<= 7.3.1

References & Advisories

πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1830805
πŸ”— https://github.com/FRRouting/frr/pull/6383
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1830805
πŸ”— https://github.com/FRRouting/frr/pull/6383

Related Vulnerabilities

CVE-2017-54957.5

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a...

CVE-2019-58926.5

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...