cvedb.io
CVE-2018-0023
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2018-04-11T19:29:00.697 · Last modified 2026-06-17T01:29:24.990

Summary

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.

Affected products

juniper — jsnapy

Does this affect you?

Add your gear to cvedb and we'll alert you only when juniper ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.