CyberSec.Space Logo
Back to CVE Browser

CVE-2014-6275

MEDIUM
5.9
CVSS Severity Score
EPSS Score0.1390%
EPSS Percentile10.71th
PublishedJan 2, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.

Affected Platforms (CPE)

πŸ“¦
Fusionforge

Fusionforge

< 5.3.2
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html
πŸ”— https://security-tracker.debian.org/tracker/CVE-2014-6275
πŸ”— http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html
πŸ”— https://security-tracker.debian.org/tracker/CVE-2014-6275

Related Vulnerabilities

CVE-2015-085010.0

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when c...

CVE-2014-04689.8

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would h...

CVE-2013-14236.9

(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_updat...

CVE-2014-052410.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...