Summarize Daemon Configuration File Permission Vulnerability

Vulnerability

A vulnerability exists in the Summarize application in versions through 0.14.1. The issue arises because the application creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems. This flaw allows local attackers to access bearer tokens and API credentials stored in the daemon configuration file. Exploitation of these permissive permissions could lead to unauthorized access to the daemon or the recovery of sensitive API keys.

Impact

The vulnerability allows local attackers to read the daemon bearer token and persisted provider credentials, enabling unauthorized access to the daemon or recovery of sensitive API keys.

Reproduction

To reproduce this vulnerability, install a version of the Summarize application prior to 0.14.1. After installation, the daemon configuration file is created with the default filesystem permissions, which may allow world-readable access. Check the permissions of '~/.summarize/daemon.json' (and of the '~/.summarize' directory that contains it) to confirm whether they are overly permissive. If they are, the vulnerability can be considered reproduced, since any local user could read sensitive information such as the bearer token and API credentials from that file.
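The permission check described above, as an added POSIX shell audit that is not part of the advisory or the Summarize project: it reports whether the daemon config directory or file grants any group/other access and offers an owner-only hardening step. The path `~/.summarize/daemon.json` is taken from the advisory; the `SUMMARIZE_DIR` variable and the function names are assumptions for this example.

```shell
#!/bin/sh
# Constructed audit for the Summarize daemon config permission issue.
# It flags any group/other bits on ~/.summarize and ~/.summarize/daemon.json
# (classic mode bits only; POSIX ACLs are not inspected).

# summarize_perm_exposed PATH
# Returns 0 if PATH grants any group/other access, 1 if it is owner-only.
summarize_perm_exposed() {
    # Portable on GNU and BSD: columns 5-10 of `ls -ld` are group rwx + other rwx.
    bits=$(ls -ld "$1" | cut -c5-10)
    case "$bits" in
        ------) return 1 ;;   # owner-only: no exposure
        *)      return 0 ;;   # some group/other bit set: exposed
    esac
}

# summarize_check_config DIR
# Audits DIR and DIR/daemon.json. Prints one line per path; returns 0 only
# when both exist and are owner-only, 1 if anything is exposed or missing.
summarize_check_config() {
    dir=$1
    rc=0
    for p in "$dir" "$dir/daemon.json"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
        elif summarize_perm_exposed "$p"; then
            echo "EXPOSED  $p ($(ls -ld "$p" | cut -c1-10))"
            rc=1
        else
            echo "OK       $p"
        fi
    done
    return $rc
}

# summarize_fix_config DIR
# Hardening step: directory 700, config file 600 (owner read/write only).
summarize_fix_config() {
    chmod 700 "$1" && chmod 600 "$1/daemon.json"
}

# Stand-alone run: audit the default location (override with SUMMARIZE_DIR).
target="${SUMMARIZE_DIR:-$HOME/.summarize}"
summarize_check_config "$target" || echo "tighten with: summarize_fix_config $target"
```

Fixing the mode bits only closes the read path; a token that may already have been read should still be rotated after updating.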

Remediation

Users can update to Summarize version 0.14.1 or later, where this vulnerability has been fixed. Instructions for updating can be found in the application's documentation.

Added: May 11, 2026, 7:26 PM
Updated: May 11, 2026, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 3.9
remediation: 0.0
relevance: 8.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.