CVE-2020-10237
MEDIUM5.5EPSS 0.08%Froxlor Exposure of Sensitive Information to an Unauthorized Actor
發布日:2022/5/24修改日:2024/4/25
描述
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
受影響套件(1)
- Packagist/froxlor/froxlorfrom 0, <= 0.10.15
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |