Описание
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.10.15 (включая)
cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00077
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-362
Связанные уязвимости
CVSS3: 5.5
debian
почти 6 лет назад
An issue was discovered in Froxlor through 0.10.15. The installer wrot ...
CVSS3: 5.5
github
больше 3 лет назад
Froxlor Exposure of Sensitive Information to an Unauthorized Actor
EPSS
Процентиль: 23%
0.00077
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-362