CVE-2014-6275

Sažetak

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.

Reference

http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html
https://security-tracker.debian.org/tracker/CVE-2014-6275

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

14-01-2020 - 17:38

Objavljeno

02-01-2020 - 22:15