Vulnerability Description
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openzfs | Openzfs | <= 0.8.4 |
| Freebsd | Freebsd | - |
Related Weaknesses (CWE)
References
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73fPatchThird Party Advisory
- https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1PatchThird Party Advisory
- https://jira.ixsystems.com/browse/NAS-107270ExploitIssue TrackingPatch
- https://reviews.freebsd.org/D26107Issue TrackingPatchThird Party Advisory
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73fPatchThird Party Advisory
- https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1PatchThird Party Advisory
- https://jira.ixsystems.com/browse/NAS-107270ExploitIssue TrackingPatch
- https://reviews.freebsd.org/D26107Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2020-24717?
CVE-2020-24717 is a vulnerability with a CVSS score of 7.8 (HIGH). OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
How severe is CVE-2020-24717?
CVE-2020-24717 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24717?
Check the references section above for vendor advisories and patch information. Affected products include: Openzfs Openzfs, Freebsd Freebsd.