CVE-2008-0167

EPSS 1.07%
Veröffentlicht 18.05.2008 14:20:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gforge ≫ Gforge Version4.5.14

   Debian ≫ Debian Linux Version4.0
   Debian ≫ Debian Linux Version4.0 Editionalpha
   Debian ≫ Debian Linux Version4.0 Editionamd64
   Debian ≫ Debian Linux Version4.0 Editionarm
   Debian ≫ Debian Linux Version4.0 Editionhppa
   Debian ≫ Debian Linux Version4.0 Editionia-32
   Debian ≫ Debian Linux Version4.0 Editionia-64
   Debian ≫ Debian Linux Version4.0 Editionm68k
   Debian ≫ Debian Linux Version4.0 Editionmips
   Debian ≫ Debian Linux Version4.0 Editionmipsel
   Debian ≫ Debian Linux Version4.0 Editionpowerpc
   Debian ≫ Debian Linux Version4.0 Editions390
   Debian ≫ Debian Linux Version4.0 Editionsparc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.768

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://secunia.com/advisories/30088

Vendor Advisory

http://secunia.com/advisories/30286

Vendor Advisory

http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz

http://www.debian.org/security/2008/dsa-1577

Patch

http://www.securityfocus.com/bid/29215

http://www.vupen.com/english/advisories/2008/1537/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42456

https://nvd.nist.gov/vuln/detail/CVE-2008-0167

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0167

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0167

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2008-0167