PT-2006-3404 · Knowledgetree · Knowledgetree
David B Harris · Published 2006-05-18 · Updated 2008-09-05 · CVE-2006-2443
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
knowledgetree version 2.0.7
Description
The issue allows local users to obtain sensitive information, including the username and password for the KnowledgeTree database, due to the Debian package of knowledgetree creating the environment.php file with world-readable permissions.
Recommendations
For knowledgetree version 2.0.7, consider changing the permissions of the environment.php file to prevent world-readable access, and restrict access to sensitive database credentials.
Fix
Related identifiers
Affected products
Knowledgetree