CVE-2023-32698
HIGH 7.1
Description
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing its own permissions), files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm to create packages without checking or setting file permissions before packaging could end up with bad permissions on files/folders.
CVE Details
CVSS v3.1 score: 7.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 5/30/2023
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
goreleaser:nfpm
Weaknesses (CWE)
CWE-276
References
https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30 (security-advisories@github.com)
https://github.com/goreleaser/nfpm/releases/tag/v2.29.0 (security-advisories@github.com)
https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c (security-advisories@github.com)
https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/goreleaser/nfpm/releases/tag/v2.29.0 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.