Conda-Smithy Incorrect File Permissions Vulnerability Allowing Unauthorized Access

Vulnerability

A vulnerability exists in conda-smithy versions through 3.47.0, where the travis_headers function creates files with permissions broader than recommended. This oversight allows wider read and write access than intended, potentially leading to unauthorized access to configuration files in shared hosting environments. The issue stems from a failure to enforce strict file permissions, violating the principle of least privilege. The vulnerability could be exploited to access sensitive information or configuration files.

Impact

The vulnerability could result in unauthorized access to configuration files, particularly in shared hosting environments, leading to potential information disclosure or unauthorized code execution.

Reproduction

The vulnerability can be reproduced by using a conda-smithy version prior to 3.47.1 and registering a project with Travis CI. This involves creating a Travis CI token and placing it in the expected directory; the travis_headers function then writes the token to a file whose permissions are broader than they should be, allowing unauthorized access.

Remediation

Users can upgrade to conda-smithy version 3.47.1 or later, which includes the necessary fixes. Alternatively, avoid using Travis CI registration.
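The fix shipped in 3.47.1 is not reproduced on this page. As an added example (not conda-smithy's own code), the following shows the defensive pattern for writing a secret such as a CI token to disk with owner-only permissions, alongside an audit check that flags files whose group or other bits are set. FAKE_TOKEN and the file names are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Any group/other bit on a secret file breaks least privilege.
GROUP_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO
# Constructed placeholder; a real Travis CI token never belongs in source code.
FAKE_TOKEN = "travis-token-PLACEHOLDER"


def write_secret_file(path: str, content: str) -> int:
    """Write content so only the owner can read or write it; return the mode bits.

    0o600 at create time is only ever narrowed by the umask, and fchmod covers a
    file that already existed with a wider mode (os.open alone would keep it).
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)
        os.write(fd, content.encode())
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def excess_permissions(path: str) -> int:
    """Audit check: group/other bits set on path, 0 when least privilege holds."""
    return stat.S_IMODE(os.stat(path).st_mode) & GROUP_OTHER_BITS


def demo() -> tuple:
    """Constructed comparison: plain open() write vs. the hardened write.

    With the common umask 0o022, open(path, "w") leaves mode 0o644, so every user
    on a shared host can read the token. Returns excess bits for the naive file,
    the hardened file, and the naive file after rewriting through write_secret_file.
    """
    old_umask = os.umask(0o022)  # pinned so the result is deterministic
    try:
        with tempfile.TemporaryDirectory() as tmp:
            naive = os.path.join(tmp, "naive_token")
            safe = os.path.join(tmp, "safe_token")
            with open(naive, "w") as fh:
                fh.write(FAKE_TOKEN)
            write_secret_file(safe, FAKE_TOKEN)
            leaked = excess_permissions(naive)
            write_secret_file(naive, FAKE_TOKEN)  # also repairs the existing mode
            return leaked, excess_permissions(safe), excess_permissions(naive)
    finally:
        os.umask(old_umask)
```

demo() returns (0o044, 0, 0): the plain write leaves the token world-readable, while the hardened write yields 0o600 both for a new file and for an existing leaky one.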

Added: Jun 17, 2025, 10:24 PM
Updated: Jun 17, 2025, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.