CVE-2023-32698
HIGH 7.1
Description
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing its own permissions), files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm to create packages without checking or setting file permissions before packaging could end up with bad permissions on files and folders.
CVE details
CVSS v3.1 score: 7.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 5/30/2023
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
goreleaser:nfpm
Weaknesses (CWE)
CWE-276
References
https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30 (security-advisories@github.com)
https://github.com/goreleaser/nfpm/releases/tag/v2.29.0 (security-advisories@github.com)
https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c (security-advisories@github.com)
https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/goreleaser/nfpm/releases/tag/v2.29.0 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.