CVE-2014-6275

EPSS 0.9%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

02 Jan 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.

Affected products

Red Hat · FusionForge

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html https://security-tracker.debian.org/tracker/CVE-2014-6275