Vulnerability Description
Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should be accessible only by the user, but before version 2.0.1, its permissions also allowed the user's group and other users (non-group) to read the file. This issue was patched in version 2.0.1. As a workaround, manually set the secret file's permissions to user read/write only.
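The workaround above, as an added example (not code from the Planet project or its patch): it reports permission bits beyond owner read/write on a secret file, tightens them to 0600, and shows a write path that creates the file with that mode from the start. The file name `secret.json` and all function names are assumptions; substitute the real secret file path on a POSIX system.

```python
import os
import stat
import tempfile

OWNER_ONLY = 0o600  # user read/write, nothing for group or others


def excess_bits(path):
    """Return the permission bits on `path` beyond owner read/write."""
    st = os.lstat(path)  # lstat: inspect the path itself, not a symlink target
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    return stat.S_IMODE(st.st_mode) & ~OWNER_ONLY


def tighten(path):
    """Apply the workaround: restrict `path` to 0600. True if it changed."""
    if excess_bits(path) == 0:
        return False
    os.chmod(path, OWNER_ONLY)
    return True


def write_secret(path, data):
    """Write `data` so the file is 0600 whether it is new or pre-existing."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, OWNER_ONLY)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), OWNER_ONLY)  # covers an existing, looser file
        f.write(data)


def demo():
    """Constructed scenario: a secret file left at 0644, then fixed."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secret.json")  # placeholder name (assumption)
        write_secret(path, b'{"key": "CONSTRUCTED-NOT-A-REAL-KEY"}')
        os.chmod(path, 0o644)  # simulate group/other read access
        before = excess_bits(path)
        changed = tighten(path)
        return before, changed, excess_bits(path)
```
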
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Planet | Planet | < 2.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80 (Patch)
- https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1 (Release Notes)
- https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj (Patch, Vendor Advisory)
FAQ
What is CVE-2023-32303?
CVE-2023-32303 is a vulnerability with a CVSS score of 5.2 (MEDIUM). Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permis...
How severe is CVE-2023-32303?
CVE-2023-32303 has been rated MEDIUM with a CVSS base score of 5.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-32303?
Check the references section above for vendor advisories and patch information. Affected products include: Planet Planet.