First published: Mon Nov 20 2023(Updated: )
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.
|Affected Software||Affected Version||How to fix|
The vulnerability ID is CVE-2023-3116.
The title of this vulnerability is 'Liteos-A has a incorrect default permissions vulnerability'.
The description of this vulnerability is that in OpenHarmony v3.2.2 and prior versions, it allows a local attacker to get confidential information or rewrite sensitive files through incorrect default permissions.
The affected software is OpenHarmony v3.2.2 and prior versions.
The severity of this vulnerability is high with a CVSS score of 7.3.
A local attacker can exploit this vulnerability by taking advantage of the incorrect default permissions to gain access to confidential information or rewrite sensitive files.
Currently, there are no specific fixes mentioned for this vulnerability. It is recommended to follow the recommended security practices and apply updates from the vendor if available.
More information about this vulnerability can be found at the following reference link: [OpenHarmony Security Disclosure](https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md)