返回 CVE 瀏覽器

CVE-2014-6275

MEDIUM

5.9

CVSS Severity Score

EPSS Score0.1390%

EPSS Percentile10.71th

Published2020年1月2日

Last Modified2024年11月21日

Vulnerability Description

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.

Affected Platforms (CPE)

📦

Fusionforge

Fusionforge

< 5.3.2

💻

Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html

🔗 https://security-tracker.debian.org/tracker/CVE-2014-6275

🔗 http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html

🔗 https://security-tracker.debian.org/tracker/CVE-2014-6275

相關漏洞威脅

CVE-2015-085010.0

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when c...

CVE-2014-04689.8

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would h...

CVE-2013-14236.9

(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_updat...

CVE-2014-052610.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...