- Description
- (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.
- Source
- security@debian.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-59
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD61A06A-13A0-4C6D-89CB-84C5E759A5F5"
},
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FA93027-4D74-4543-9795-AB7FD0DEFCBA"
},
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98E3A31F-9144-4F48-861B-5FDC85A26087"
}
],
"operator": "OR"
}
]
}
]