CVE-2014-6275
Published: 2 January 2020
FusionForge before 5.3.2 uses scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server as FusionForge, this can allow users to improperly access on-disk private data in FusionForge.
Priority
Status
Package | Release | Status |
---|---|---|
fusionforge (Launchpad, Ubuntu, Debian) | precise | Ignored (end of life) |
 | trusty | Does not exist |
 | upstream | Released (5.3.2-1) |
 | vivid | Does not exist |
 | wily | Not vulnerable (6.0.2+20150708-1) |
 | xenial | Not vulnerable (6.0.2+20150708-1) |
 | yakkety | Not vulnerable (6.0.2+20150708-1) |
 | zesty | Not vulnerable (6.0.2+20150708-1) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |