EIQ-2019-0025

ID

EIQ-2019-0025

CVE

-

Description

Incorrect default permissions for the platform settings file

Date

13 Jun 2019

Severity

2 - MEDIUM

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

✅ 2.5.0

Assessment

The packaging process that produces install packages for EclecticIQ Platform takes care of, among other things, setting default file access rights and permissions.

The process sets incorrect permissions for the platform settings file: /etc/eclecticiq/platform_settings.py.

The current access level for the platform settings file is 644 / rw-r--r--.

This enables anyone with SSH access to the server hosting the target platform instance to read the platform configuration settings, which hold the database credentials.

Mitigation

  • From release 2.5.0, the /etc/eclecticiq/platform_settings.py file and the corresponding symbolic link are assigned the following permissions: 640 / rw-r-----

  • From release 2.5.0, the /etc/eclecticiq/platform_settings.py file and the corresponding symbolic link are assigned the following user and group: root:eclecticiq

To manually set these values in earlier platform releases:

  • Log in to the platform with SSH, and then run the following commands:

    sudo chown root:eclecticiq /opt/eclecticiq/etc/eclecticiq/platform_settings.py
    sudo chown root:eclecticiq /etc/eclecticiq/platform_settings.py
    sudo chmod 640 /opt/eclecticiq/etc/eclecticiq/platform_settings.py
    sudo chmod 640 /etc/eclecticiq/platform_settings.py
    
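An added audit script, not part of this advisory, that checks whether the two settings file locations above still carry the pre-2.5.0 permissions; it assumes GNU coreutils stat (Linux) and that the eclecticiq group exists on the host:

```shell
#!/bin/sh
# Added example (not from the advisory): audit the EclecticIQ platform
# settings file for the weak default permissions described in EIQ-2019-0025.
# Assumes GNU coreutils `stat`; symlinks are followed so the target is checked.

# check_perms PATH MODE OWNER GROUP
#   Returns 0 when PATH has exactly octal MODE and is owned by OWNER:GROUP,
#   1 when either deviates (each deviation is printed), 2 when PATH is unusable.
check_perms() {
  path=$1; want_mode=$2; want_owner=$3; want_group=$4
  if [ ! -e "$path" ]; then
    echo "MISSING: $path"
    return 2
  fi
  actual=$(stat -L -c '%a %U %G' "$path") || return 2
  set -- $actual
  mode=$1; owner=$2; group=$3
  rc=0
  if [ "$mode" != "$want_mode" ]; then
    echo "MODE: $path is $mode, expected $want_mode"
    rc=1
  fi
  if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
    echo "OWNER: $path is $owner:$group, expected $want_owner:$want_group"
    rc=1
  fi
  return $rc
}

# is_world_readable PATH
#   Returns 0 when the "other" class can read the target (last octal digit 4-7),
#   which is the condition that exposes the database credentials.
is_world_readable() {
  mode=$(stat -L -c '%a' "$1") || return 2
  case "$mode" in
    *[4567]) return 0 ;;
    *)       return 1 ;;
  esac
}

# Audit both paths named in the mitigation (run as root on the platform host).
audit_platform_settings() {
  status=0
  for f in /etc/eclecticiq/platform_settings.py \
           /opt/eclecticiq/etc/eclecticiq/platform_settings.py; do
    check_perms "$f" 640 root eclecticiq || status=1
  done
  return $status
}
```

A non-zero exit from audit_platform_settings means at least one location still needs the chown/chmod commands listed above.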

Affected versions

2.4.0 and earlier.

Notes

For more information about the weakness, see CWE-276.

To run these commands on the command line or in a terminal, you may need root-level access rights.