GHSA-j9wr-mj69-cqmv

Source

https://github.com/advisories/GHSA-j9wr-mj69-cqmv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j9wr-mj69-cqmv/GHSA-j9wr-mj69-cqmv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j9wr-mj69-cqmv

Aliases

CVE-2020-10237

Published

2022-05-24T17:10:26Z

Modified

2024-04-25T21:43:27.936541Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Froxlor Exposure of Sensitive Information to an Unauthorized Actor

Details

An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.

Database specific

{
    "nvd_published_at": "2020-03-09T16:15:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T21:21:27Z"
}

References

Affected packages

Packagist / froxlor/froxlor

Package

Name: froxlor/froxlor
Purl: pkg:composer/froxlor/froxlor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.10.15

Affected versions

0.*

0.10.0-rc1

0.10.0-rc2

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.10.6

0.10.7

0.10.8

0.10.9

0.10.10

0.10.11

0.10.12

0.10.13

0.10.14

0.10.15