Skip to main content
Version: latest

CVE-2013-0337

CVE Details

Visit the official vulnerability details page for CVE-2013-0337 to learn more.

Initial Publication

01/20/2025

Last Update

09/02/2025

Third Party Dependency

nginx

NIST CVE Summary

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

CVE Severity

7.5

Our Official Summary

Nginx versions ≤ 1.3.13 created access.log and error.log files with world-readable permissions by default (chmod 644), which could allow local users to read potentially sensitive logs. However this vulnerability requires cluster access to access the container running nginx. Risk of exploit is low as this nginx runs inside a container.

Permissions of the log files will be adjusted to fix this vulnerability.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.7.16⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.6.41⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.22⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact

Revision History

DateRevision
05/29/2025Official summary added
05/29/2025Status changed from Open to Ongoing