Vulnerability Details : CVE-2013-1423
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allow local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.
Exploit prediction scoring system (EPSS) score for CVE-2013-1423
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2013-1423
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST |
CWE ids for CVE-2013-1423
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1423
- http://www.debian.org/security/2013/dsa-2633
- https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af
  scm.fusionforge.org Git - fusionforge/fusionforge.git/commitdiff
- https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba
  scm.fusionforge.org Git - fusionforge/fusionforge.git/commitdiff
- http://www.openwall.com/lists/oss-security/2013/02/25/5
  oss-security - fusionforge CVE-2013-1423 multiple privilege escalations
- https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4
  scm.fusionforge.org Git - fusionforge/fusionforge.git/commitdiff
- http://www.securityfocus.com/bid/58143
  FusionForge CVE-2013-1423 Multiple Local Privilege Escalation Vulnerabilities
Products affected by CVE-2013-1423
- cpe:2.3:a:fusionforge:fusionforge:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:fusionforge:fusionforge:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:fusionforge:fusionforge:5.2:*:*:*:*:*:*:*