CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6275
https://notcve.org/view.php?id=CVE-2014-6275
FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. FusionForge versiones anteriores a la versión 5.3.2, utiliza scripts que se ejecutan bajo el usuario de Apache compartido, que es también usado en las páginas de inicio del proyecto por defecto. Si las páginas web del proyecto están alojadas en el mismo servidor que FusionForge, puede permitir a usuarios acceder incorrectamente a datos privados en disco en FusionForge. • http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html https://security-tracker.debian.org/tracker/CVE-2014-6275 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2015-0850
https://notcve.org/view.php?id=CVE-2015-0850
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. El plugin Git para FusionForge anterior a 6.0rc4 permite a atacantes remotos ejecutar código arbitrario a través de un parámetro no especificado cuando crea un repositorio Git secundario. • http://www.debian.org/security/2015/dsa-3275 https://fusionforge.org/forum/forum.php?forum_id=41 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1423
https://notcve.org/view.php?id=CVE-2013-1423
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files. (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl en FusionForge v5,0, v5,1, v5,2 y permite a usuarios locales modificar los permisos de archivos arbitrariamente, obtener información sensible, y provocar impactos no especificados a través de un enlace simbólico (1) o (2) ataque al hard link en determinados archivos. • http://osvdb.org/90605 http://secunia.com/advisories/52318 http://secunia.com/advisories/52371 http://www.debian.org/security/2013/dsa-2633 http://www.openwall.com/lists/oss-security/2013/02/25/5 http://www.securityfocus.com/bid/58143 https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •