CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2023-49298
https://notcve.org/view.php?id=CVE-2023-49298
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. • https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308 https://bugs.gentoo.org/917224 https://github.com/openzfs/zfs/issues/15526 https://github.com/openzfs/zfs/pull/15571 https://github.com/openzfs/zfs/releases/tag/zfs-2.1.14 https://github.com/openzfs/zfs/releases/tag/zfs-2.2.2 https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html https://news.ycombinator.com/item?id=38405731 https://news.ycombinator.com/item?id=38770168 https://web.archive • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-20001
https://notcve.org/view.php?id=CVE-2013-20001
An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied. Se detectó un problema en OpenZFS versiones hasta 2.0.3. Cuando un recurso compartido NFS es exportado a direcciones IPv6 por medio de la funcionalidad sharenfs, es producido un fallo silencioso al analizar los datos de la dirección IPv6 y es permitido un acceso a todos. • https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652 https://github.com/openzfs/zfs/releases https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24716
https://notcve.org/view.php?id=CVE-2020-24716
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. OpenZFS versiones anteriores a 2.0.0-rc1, cuando es usado en FreeBSD, permite ejecutar permisos para todos los directorios • https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1 https://jira.ixsystems.com/browse/NAS-107270 https://reviews.freebsd.org/D26107 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24717
https://notcve.org/view.php?id=CVE-2020-24717
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. OpenZFS versiones anteriores a 2.0.0-rc1, cuando es usado en FreeBSD, malinterpreta los permisos de grupo como permisos de usuario, como es demostrado por el modo 0770 que es equivalente al modo 0777 • https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1 https://jira.ixsystems.com/browse/NAS-107270 https://reviews.freebsd.org/D26107 • CWE-276: Incorrect Default Permissions •