FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: debian
Published: 2020-01-02T21:13:55
Updated: 2024-08-06T12:10:13.234Z
Reserved: 2014-09-09T00:00:00
Link: CVE-2014-6275
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-01-02T22:15:11.317
Modified: 2020-01-14T17:38:38.020
Link: CVE-2014-6275
Redhat
No data.