Insecure Backup File Creation in GNU Emacs

Insecure Backup File Creation in GNU Emacs

CVE-2017-1000383 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.

Learn more about our User Device Pen Test.