CVE-2020-10237

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 0.10.16

Description An issue was discovered where the installer wrote configuration parameters, including passwords, into files in /tmp without proper permissions, allowing a local attacker to disclose the information if the file was read at the right time. This is due to the createUserdataConf function in install/lib/class.FroxlorInstall.php.

Recommendations For Froxlor versions prior to 0.10.16, update to version 0.10.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp directory to minimize the risk of exploitation.