CVE-2020-10236

Опубликовано: 09 мар. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 3.6

EPSS Низкий

Описание

An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1165718
Issue Tracking
Third Party Advisory
https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5
Patch
https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14
Patch
https://bugzilla.suse.com/show_bug.cgi?id=1165718
Issue Tracking
Third Party Advisory
https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5
Patch
https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*

Версия до 0.10.14 (исключая)

EPSS

Процентиль: 34%

0.00139

Низкий

6.1 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-10236

CVSS3: 6.1

debian

почти 6 лет назад

An issue was discovered in Froxlor before 0.10.14. It created files wi ...

GHSA-hvgf-2rf7-wrx9

CVSS3: 6.1

github

больше 3 лет назад

Froxlor Information Disclosure

EPSS

Процентиль: 34%

0.00139

Низкий

6.1 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-20