First published: Thu Jan 02 2020
FusionForge before 5.3.2 uses scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server as FusionForge, this can allow users to incorrectly access on-disk private data in FusionForge.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/fusionforge | | |
Fusionforge Fusionforge | <5.3.2 | |
Debian Debian Linux | =8.0 | |
CVE-2014-6275 is a vulnerability in FusionForge before 5.3.2 that allows users to incorrectly access on-disk private data if project webpages are hosted on the same server.
FusionForge versions up to and excluding 5.3.2 and Debian Debian Linux version 8.0 are affected by CVE-2014-6275.
The severity of CVE-2014-6275 is medium with a CVSS score of 5.9.
There is currently no known fix for CVE-2014-6275. It is recommended to apply the latest security patches or upgrade to a patched version of the software, if available.
For more information about CVE-2014-6275, you can visit the following references: [FusionForge Mailing List](https://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html), [Debian Security Tracker - CVE-2014-6275](https://security-tracker.debian.org/tracker/CVE-2014-6275), [FusionForge Mailing List Archive](http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html)