PT-2014-8472 · Typo3 · Fal Sftp Extension

Published

2014-10-27

Updated

2022-05-17

CVE-2014-8327

CVSS v4.0

4.9

Medium

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions TYPO3 fal sftp extension versions prior to 0.2.6

Description The issue allows remote authenticated users to obtain sensitive information due to weak permissions for sFTP driver files and folders.

Recommendations For versions prior to 0.2.6, update the fal sftp extension to version 0.2.6 or later to resolve the issue.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2014-8327

GHSA-XWQ4-2CWR-FV2Q

Affected Products

Fal Sftp Extension

PT-2014-8472 · Typo3 · Fal Sftp Extension

CVE-2014-8327

Weakness Enumeration

Related Identifiers

Affected Products

References · 6