CVE-2023-32303

Incorrect Permission Assignment for Critical Resource in pypi/planet

Identifiers

CVE-2023-32303, GHSA-j5fj-rfh6-qj85

Package Slug

pypi/planet

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.

Affected Versions

All versions before 2.0.1

Solution

Upgrade to version 2.0.1 or above.

Last Modified

2023-05-15

source