PT-2020-7724 · Apache+1 · Apache+1
Published
2020-01-02
·
Updated
2020-01-14
·
CVE-2014-6275
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FusionForge versions prior to 5.3.2
Description
The issue allows users to incorrectly access on-disk private data due to the use of scripts running under the shared Apache user, which is also used by project homepages by default. This can occur when project webpages are hosted on the same server as FusionForge.
Recommendations
For versions prior to 5.3.2, update to version 5.3.2 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache
Fusionforge