Search criteria
12 vulnerabilities found for fusionforge by fusionforge
FKIE_CVE-2014-0468
Vulnerability from fkie_nvd - Published: 2025-06-26 21:15 - Updated: 2025-08-06 16:34
Severity ?
Summary
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that
the users would have uploaded in their raw SCM repositories (SVN, Git,
Bzr...). This issue affects fusionforge: before 5.3+20140506.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fusionforge | fusionforge | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9381B16D-C319-4E04-A4F5-F76F10D24E0F",
"versionEndExcluding": "5.3\\+20140506.",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506."
},
{
"lang": "es",
"value": "Vulnerabilidad en fusionforge en la configuraci\u00f3n de Apache de f\u00e1brica, donde el servidor web podr\u00eda ejecutar scripts que los usuarios habr\u00edan subido a sus repositorios SCM sin procesar (SVN, Git, Bzr, etc.). Este problema afecta a fusionforge: versiones anteriores a 5.3+20140506."
}
],
"id": "CVE-2014-0468",
"lastModified": "2025-08-06T16:34:59.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-26T21:15:27.527",
"references": [
{
"source": "security@debian.org",
"tags": [
"Broken Link"
],
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory",
"Mailing List"
],
"url": "https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-6275
Vulnerability from fkie_nvd - Published: 2020-01-02 22:15 - Updated: 2024-11-21 02:14
Severity ?
Summary
FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.
References
| URL | Tags | ||
|---|---|---|---|
| security@debian.org | http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html | Mailing List, Tool Signature | |
| security@debian.org | https://security-tracker.debian.org/tracker/CVE-2014-6275 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html | Mailing List, Tool Signature | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2014-6275 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fusionforge | fusionforge | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E346ABFE-356E-4927-B490-F74FB6CF4A91",
"versionEndExcluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
},
{
"lang": "es",
"value": "FusionForge versiones anteriores a la versi\u00f3n 5.3.2, utiliza scripts que se ejecutan bajo el usuario de Apache compartido, que es tambi\u00e9n usado en las p\u00e1ginas de inicio del proyecto por defecto. Si las p\u00e1ginas web del proyecto est\u00e1n alojadas en el mismo servidor que FusionForge, puede permitir a usuarios acceder incorrectamente a datos privados en disco en FusionForge."
}
],
"id": "CVE-2014-6275",
"lastModified": "2024-11-21T02:14:04.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T22:15:11.317",
"references": [
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Tool Signature"
],
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Tool Signature"
],
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0850
Vulnerability from fkie_nvd - Published: 2015-06-02 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fusionforge | fusionforge | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:*:rc3:*:*:*:*:*:*",
"matchCriteriaId": "481C1AC3-CBBB-43BA-84ED-51221CA33B95",
"versionEndIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository."
},
{
"lang": "es",
"value": "El plugin Git para FusionForge anterior a 6.0rc4 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro no especificado cuando crea un repositorio Git secundario."
}
],
"id": "CVE-2015-0850",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-02T14:59:05.427",
"references": [
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2015/dsa-3275"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://fusionforge.org/forum/forum.php?forum_id=41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://fusionforge.org/forum/forum.php?forum_id=41"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1423
Vulnerability from fkie_nvd - Published: 2013-03-14 03:13 - Updated: 2025-04-11 00:51
Severity ?
Summary
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fusionforge | fusionforge | 5.0 | |
| fusionforge | fusionforge | 5.1 | |
| fusionforge | fusionforge | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD61A06A-13A0-4C6D-89CB-84C5E759A5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA93027-4D74-4543-9795-AB7FD0DEFCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fusionforge:fusionforge:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "98E3A31F-9144-4F48-861B-5FDC85A26087",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files."
},
{
"lang": "es",
"value": "(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl en FusionForge v5,0, v5,1, v5,2 y permite a usuarios locales modificar los permisos de archivos arbitrariamente, obtener informaci\u00f3n sensible, y provocar impactos no especificados a trav\u00e9s de un enlace simb\u00f3lico (1) o (2) ataque al hard link en determinados archivos."
}
],
"id": "CVE-2013-1423",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-14T03:13:28.723",
"references": [
{
"source": "security@debian.org",
"url": "http://osvdb.org/90605"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/52318"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/52371"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2013/dsa-2633"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/5"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/58143"
},
{
"source": "security@debian.org",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af"
},
{
"source": "security@debian.org",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03b89cd37823ab345d35286cf4"
},
{
"source": "security@debian.org",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/52318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/52371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03b89cd37823ab345d35286cf4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-0468 (GCVE-0-2014-0468)
Vulnerability from cvelistv5 – Published: 2025-06-26 20:39 – Updated: 2025-06-27 14:39
VLAI?
Summary
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that
the users would have uploaded in their raw SCM repositories (SVN, Git,
Bzr...). This issue affects fusionforge: before 5.3+20140506.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fusionforge | fusionforge |
Affected:
0 , < 5.3+20140506
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-0468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T14:34:41.152990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T14:39:39.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "fusionforge",
"vendor": "fusionforge",
"versions": [
{
"lessThan": "5.3+20140506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506."
}
],
"value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T20:39:24.065Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html"
},
{
"url": "https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0468",
"datePublished": "2025-06-26T20:39:24.065Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2025-06-27T14:39:39.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6275 (GCVE-0-2014-6275)
Vulnerability from cvelistv5 – Published: 2020-01-02 21:13 – Updated: 2024-08-06 12:10
VLAI?
Summary
FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat | FusionForge |
Affected:
before 5.3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionForge",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "before 5.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T21:13:55",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-6275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionForge",
"version": {
"version_data": [
{
"version_value": "before 5.3.2"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-6275",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
},
{
"name": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html",
"refsource": "MISC",
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-6275",
"datePublished": "2020-01-02T21:13:55",
"dateReserved": "2014-09-09T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0850 (GCVE-0-2015-0850)
Vulnerability from cvelistv5 – Published: 2015-06-02 14:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:10.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fusionforge.org/forum/forum.php?forum_id=41"
},
{
"name": "DSA-3275",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T12:57:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fusionforge.org/forum/forum.php?forum_id=41"
},
{
"name": "DSA-3275",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3275"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fusionforge.org/forum/forum.php?forum_id=41",
"refsource": "CONFIRM",
"url": "https://fusionforge.org/forum/forum.php?forum_id=41"
},
{
"name": "DSA-3275",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3275"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0850",
"datePublished": "2015-06-02T14:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:26:10.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1423 (GCVE-0-2013-1423)
Vulnerability from cvelistv5 – Published: 2013-03-12 16:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:48.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "58143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58143"
},
{
"name": "DSA-2633",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03b89cd37823ab345d35286cf4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af"
},
{
"name": "[oss-security] 20130225 fusionforge CVE-2013-1423 multiple privilege escalations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/5"
},
{
"name": "52371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52371"
},
{
"name": "52318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52318"
},
{
"name": "90605",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T16:00:00Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "58143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58143"
},
{
"name": "DSA-2633",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03b89cd37823ab345d35286cf4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af"
},
{
"name": "[oss-security] 20130225 fusionforge CVE-2013-1423 multiple privilege escalations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/5"
},
{
"name": "52371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52371"
},
{
"name": "52318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52318"
},
{
"name": "90605",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2013-1423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58143"
},
{
"name": "DSA-2633",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2633"
},
{
"name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba",
"refsource": "CONFIRM",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba"
},
{
"name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4",
"refsource": "CONFIRM",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4"
},
{
"name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af",
"refsource": "CONFIRM",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af"
},
{
"name": "[oss-security] 20130225 fusionforge CVE-2013-1423 multiple privilege escalations",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/5"
},
{
"name": "52371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52371"
},
{
"name": "52318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52318"
},
{
"name": "90605",
"refsource": "OSVDB",
"url": "http://osvdb.org/90605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2013-1423",
"datePublished": "2013-03-12T16:00:00Z",
"dateReserved": "2013-01-26T00:00:00Z",
"dateUpdated": "2024-09-17T02:27:55.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0468 (GCVE-0-2014-0468)
Vulnerability from nvd – Published: 2025-06-26 20:39 – Updated: 2025-06-27 14:39
VLAI?
Summary
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that
the users would have uploaded in their raw SCM repositories (SVN, Git,
Bzr...). This issue affects fusionforge: before 5.3+20140506.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fusionforge | fusionforge |
Affected:
0 , < 5.3+20140506
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-0468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T14:34:41.152990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T14:39:39.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "fusionforge",
"vendor": "fusionforge",
"versions": [
{
"lessThan": "5.3+20140506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506."
}
],
"value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T20:39:24.065Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html"
},
{
"url": "https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0468",
"datePublished": "2025-06-26T20:39:24.065Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2025-06-27T14:39:39.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6275 (GCVE-0-2014-6275)
Vulnerability from nvd – Published: 2020-01-02 21:13 – Updated: 2024-08-06 12:10
VLAI?
Summary
FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat | FusionForge |
Affected:
before 5.3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionForge",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "before 5.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T21:13:55",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-6275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionForge",
"version": {
"version_data": [
{
"version_value": "before 5.3.2"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-6275",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
},
{
"name": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html",
"refsource": "MISC",
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-6275",
"datePublished": "2020-01-02T21:13:55",
"dateReserved": "2014-09-09T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0850 (GCVE-0-2015-0850)
Vulnerability from nvd – Published: 2015-06-02 14:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:10.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fusionforge.org/forum/forum.php?forum_id=41"
},
{
"name": "DSA-3275",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T12:57:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fusionforge.org/forum/forum.php?forum_id=41"
},
{
"name": "DSA-3275",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3275"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fusionforge.org/forum/forum.php?forum_id=41",
"refsource": "CONFIRM",
"url": "https://fusionforge.org/forum/forum.php?forum_id=41"
},
{
"name": "DSA-3275",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3275"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0850",
"datePublished": "2015-06-02T14:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:26:10.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1423 (GCVE-0-2013-1423)
Vulnerability from nvd – Published: 2013-03-12 16:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:48.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "58143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58143"
},
{
"name": "DSA-2633",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03b89cd37823ab345d35286cf4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af"
},
{
"name": "[oss-security] 20130225 fusionforge CVE-2013-1423 multiple privilege escalations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/5"
},
{
"name": "52371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52371"
},
{
"name": "52318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52318"
},
{
"name": "90605",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T16:00:00Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "58143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58143"
},
{
"name": "DSA-2633",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03b89cd37823ab345d35286cf4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af"
},
{
"name": "[oss-security] 20130225 fusionforge CVE-2013-1423 multiple privilege escalations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/5"
},
{
"name": "52371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52371"
},
{
"name": "52318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52318"
},
{
"name": "90605",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2013-1423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58143"
},
{
"name": "DSA-2633",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2633"
},
{
"name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba",
"refsource": "CONFIRM",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba"
},
{
"name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4",
"refsource": "CONFIRM",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4"
},
{
"name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af",
"refsource": "CONFIRM",
"url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af"
},
{
"name": "[oss-security] 20130225 fusionforge CVE-2013-1423 multiple privilege escalations",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/5"
},
{
"name": "52371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52371"
},
{
"name": "52318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52318"
},
{
"name": "90605",
"refsource": "OSVDB",
"url": "http://osvdb.org/90605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2013-1423",
"datePublished": "2013-03-12T16:00:00Z",
"dateReserved": "2013-01-26T00:00:00Z",
"dateUpdated": "2024-09-17T02:27:55.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}