Vulnerability Description
FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fusionforge | Fusionforge | < 5.3.2 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824Mailing ListTool Signature
- https://security-tracker.debian.org/tracker/CVE-2014-6275Third Party Advisory
- http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824Mailing ListTool Signature
- https://security-tracker.debian.org/tracker/CVE-2014-6275Third Party Advisory
FAQ
What is CVE-2014-6275?
CVE-2014-6275 is a vulnerability with a CVSS score of 5.9 (MEDIUM). FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it c...
How severe is CVE-2014-6275?
CVE-2014-6275 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-6275?
Check the references section above for vendor advisories and patch information. Affected products include: Fusionforge Fusionforge, Debian Debian Linux.