CVE-2023-32698
HIGH 7.1
Description
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing its own permissions), files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm to create packages without checking or setting file permissions before packaging could end up shipping files or folders with bad permissions.
CVE details
CVSS v3.1 score: 7.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 5/30/2023
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
goreleaser:nfpm
Weaknesses (CWE)
CWE-276
References
https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30 (security-advisories@github.com)
https://github.com/goreleaser/nfpm/releases/tag/v2.29.0 (security-advisories@github.com)
https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c (security-advisories@github.com)
https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/goreleaser/nfpm/releases/tag/v2.29.0 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.