CVE-2013-0337
CVE Details
Visit the official vulnerability details page for CVE-2013-0337 to learn more.
Initial Publication
01/20/2025
Last Update
09/21/2025
Third Party Dependency
nginx
NIST CVE Summary
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
CVE Severity
Our Official Summary
Nginx versions ≤ 1.3.13 created access.log and error.log files with world-readable permissions by default (chmod 644), which could allow local users to read potentially sensitive logs. However this vulnerability requires cluster access to access the container running nginx. Risk of exploit is low as this nginx runs inside a container.
Permissions of the log files will be adjusted to fix this vulnerability.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.7.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 05/29/2025 | Official summary added |
| 05/29/2025 | Status changed from Open to Ongoing |