CVE-2013-1423 : (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group

(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.

Published 2013-03-14 03:13:29

Updated 2013-03-19 19:02:01

Source Debian GNU/Linux

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-1423

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-1423

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-1423

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1423

http://www.debian.org/security/2013/dsa-2633
https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af

scm.fusionforge.org Git - fusionforge/fusionforge.git/commitdiff
https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba

scm.fusionforge.org Git - fusionforge/fusionforge.git/commitdiff
http://www.openwall.com/lists/oss-security/2013/02/25/5

oss-security - fusionforge CVE-2013-1423 multiple privilege escalations
https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4

scm.fusionforge.org Git - fusionforge/fusionforge.git/commitdiff
http://www.securityfocus.com/bid/58143

FusionForge CVE-2013-1423 Multiple Local Privilege Escalation Vulnerabilities

Products affected by CVE-2013-1423

Fusionforge » Fusionforge » Version: 5.1
cpe:2.3:a:fusionforge:fusionforge:5.1:*:*:*:*:*:*:*
Matching versions
Fusionforge » Fusionforge » Version: 5.0
cpe:2.3:a:fusionforge:fusionforge:5.0:*:*:*:*:*:*:*
Matching versions
Fusionforge » Fusionforge » Version: 5.2
cpe:2.3:a:fusionforge:fusionforge:5.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-1423

Exploit prediction scoring system (EPSS) score for CVE-2013-1423

CVSS scores for CVE-2013-1423

CWE ids for CVE-2013-1423

References for CVE-2013-1423

Products affected by CVE-2013-1423