CVE-2013-1809

EPSS 1.7%
Published 07.11.2019 23:15:10
Last modified 21.11.2024 01:50:25
Source secalert@redhat.com
CVE-Watchlists
Login
Open
Login

Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Gambas Project ≫ Gambas Version < 3.4.0

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.7%	0.806

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.openwall.com/lists/oss-security/2013/03/03/4

Third Party Advisory

Mailing List

https://access.redhat.com/security/cve/cve-2013-1809

Third Party Advisory

Not Applicable

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1809

Third Party Advisory

Issue Tracking

https://code.google.com/archive/p/gambas/issues/365

Third Party Advisory

Issue Tracking