Steipete Summarize Insecure File Permissions Information Disclosure Vulnerability

A vulnerability exists in Steipete Summarize versions prior to 0.15.1, where the refresh-free configuration rewrite process does not properly manage file permissions. This flaw allows local users to access sensitive credentials by taking advantage of default filesystem permission settings. When the refresh-free path updates the configuration file, it applies the default process umask permissions instead of maintaining the original file permissions. As a result, the configuration file, which contains API keys and provider credentials, is exposed to other local users on shared Unix-like systems.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive credentials, such as API keys and provider information, by local users on the same system.

Reproduction

The vulnerability can be reproduced by writing a configuration file in the refresh-free path with default permissions that allow other local users to read it. This can be done by using an older version of the Steipete Summarize tool, prior to the permission fix in version 0.15.1. After the file is created, its permissions can be checked to confirm that they do not restrict access to other local users.

Remediation

Users can upgrade to Steipete Summarize version 0.15.2 or later, where this vulnerability has been addressed.