Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for FusionForge by Red Hat

    CVE-2014-6275 (GCVE-0-2014-6275)

    Vulnerability from nvd – Published: 2020-01-02 21:13 – Updated: 2024-08-06 12:10
    VLAI
    Summary
    FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat FusionForge Affected: before 5.3.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:10:13.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FusionForge",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.3.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-02T21:13:55.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2014-6275",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FusionForge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 5.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2014-6275",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
                },
                {
                  "name": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html",
                  "refsource": "MISC",
                  "url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2014-6275",
        "datePublished": "2020-01-02T21:13:55.000Z",
        "dateReserved": "2014-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:10:13.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6275 (GCVE-0-2014-6275)

    Vulnerability from cvelistv5 – Published: 2020-01-02 21:13 – Updated: 2024-08-06 12:10
    VLAI
    Summary
    FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat FusionForge Affected: before 5.3.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:10:13.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FusionForge",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.3.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-02T21:13:55.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2014-6275",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FusionForge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 5.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2014-6275",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
                },
                {
                  "name": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html",
                  "refsource": "MISC",
                  "url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2014-6275",
        "datePublished": "2020-01-02T21:13:55.000Z",
        "dateReserved": "2014-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:10:13.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }