PT-2006-3404 · Knowledgetree · Knowledgetree
David B Harris · Published 2006-05-18 · Updated 2008-09-05 · CVE-2006-2443
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
knowledgetree version 2.0.7
Description
The issue allows local users to obtain sensitive information, including the username and password for the KnowledgeTree database, due to the Debian package of knowledgetree creating the environment.php file with world-readable permissions.
Recommendations
For knowledgetree version 2.0.7, consider changing the permissions of the environment.php file to prevent world-readable access, and restrict access to sensitive database credentials.
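The recommendation above, as an added shell example that is not taken from the advisory or from the KnowledgeTree package: it checks a credentials file for the world-readable bit, removes access for "others", and shows how an installer can create such a file so that it is never world-readable. The function names are hypothetical and the file path is passed as an argument, since the advisory does not give the location of environment.php.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the path to
# environment.php is an argument because the advisory does not state it.

# Return 0 if "others" have read permission on the file ($1).
# find -perm -004 matches only when the other-read bit is set.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Remove every permission for "others" from an existing file ($1),
# then confirm that the other-read bit is really gone.
restrict_config() {
    chmod o-rwx "$1" || return 1
    ! is_world_readable "$1"
}

# Create a credentials file ($1) from stdin with owner-only permissions.
# The umask is changed inside a subshell, so the file is private from the
# moment it is created and the caller's umask is left untouched.
create_config_private() (
    umask 077
    cat > "$1"
)
```

Creating the file under a restrictive umask avoids the window in which a file written with default permissions is readable before a later chmod runs.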
Fix
Related Identifiers
Affected Products
Knowledgetree