CVEブラウザに戻る

CVE-2014-6275

MEDIUM

5.9

CVSS Severity Score

EPSS Score0.1390%

EPSS Percentile10.71th

Published2020年1月2日

Last Modified2024年11月21日

Vulnerability Description

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.

Affected Platforms (CPE)

📦

Fusionforge

Fusionforge

< 5.3.2

💻

Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html

🔗 https://security-tracker.debian.org/tracker/CVE-2014-6275

🔗 http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html

🔗 https://security-tracker.debian.org/tracker/CVE-2014-6275

関連する脆弱性情報

CVE-2015-085010.0

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when c...

CVE-2014-04689.8

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would h...

CVE-2013-14236.9

(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_updat...

CVE-2014-049810.0

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Ma...