| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ceph-deploy | pip | < 1.5.25 | 1.5.25 |

The vulnerability arises from two functions. The `admin` function in `admin.py` did not specify a secure file mode when writing the admin keyring via `write_file`. The `write_file` function in `remotes.py` created files with 0644 permissions (world-readable) by default. The patch explicitly sets 0600 in the `admin` function and modifies `write_file` to accept a mode parameter. The combination of the original `admin` function (no mode argument) and the original `write_file` (insecure default) directly caused the exposure.
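
The pattern described above, as an added example that is not ceph-deploy's own code: a writer with no mode argument beside one that takes an explicit mode and also tightens a file that already exists. The function names, the file name and the keyring content are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


def write_file_default(path, content):
    # Pre-patch pattern: no mode is requested, so the file is created as
    # 0666 & ~umask, which is 0644 (world-readable) under the common 022 umask.
    with open(path, "wb") as f:
        f.write(content)


def write_file_mode(path, content, mode=0o644):
    # Patched pattern: the caller chooses the mode. os.open() applies it only
    # when the file is created, so fchmod() is also called before any data is
    # written; this covers a file left behind with wider permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), mode)
        f.write(content)


def file_mode(path):
    # Permission bits only (for example 0o600), without the file-type bits.
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    # Constructed secret; not a real key.
    secret = b"[client.admin]\n\tkey = CONSTRUCTED-PLACEHOLDER\n"
    old_umask = os.umask(0o022)  # pin the umask so the result is deterministic
    try:
        with tempfile.TemporaryDirectory() as d:
            keyring = os.path.join(d, "example.keyring")
            write_file_default(keyring, secret)
            before = file_mode(keyring)       # default mode, readable by all
            write_file_mode(keyring, secret, 0o600)
            rewritten = file_mode(keyring)    # existing file, now tightened
            fresh = os.path.join(d, "fresh.keyring")
            write_file_mode(fresh, secret, 0o600)
            return before, rewritten, file_mode(fresh)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

On a host that ran a vulnerable version, a keyring written earlier keeps its old mode until it is rewritten or its permissions are changed, so checking the mode of existing keyring files is part of remediation.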