CVE-2020-10237

MEDIUM5.5EPSS 0.08%

Froxlor Exposure of Sensitive Information to an Unauthorized Actor

Published: 5/24/2022Modified: 4/25/2024

Description

An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.

Affected packages (1)

Packagist/froxlor/froxlorfrom 0, <= 0.10.15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-10237
PATCHhttps://github.com/Froxlor/Froxlor
WEBhttps://bugzilla.suse.com/show_bug.cgi?id=1165719