An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1qOXdyLW1qNjktY3Ftds4AAjxa

Severity: Moderate
EPSS: 0.00077% (0.24132 Percentile)

Froxlor Exposure of Sensitive Information to an Unauthorized Actor

Affected package: packagist:froxlor/froxlor
Affected versions: <= 0.10.15
Fixed versions: No known fixed version
Dependent packages: 0
Dependent repositories: 0
Downloads total: 22

Affected Version Ranges

All affected versions

0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.10.15

An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters, including passwords, into files in /tmp and set proper permissions only after the sensitive data had been written. A local attacker could have disclosed the information by reading the file at the right time. The affected code is _createUserdataConf in install/lib/class.FroxlorInstall.php.
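The write-then-restrict ordering described above, next to an ordering that never exposes the file, as an added example (not Froxlor's installer code). The function names, file name, file contents and the 0600 mode are assumptions made for illustration.

```php
<?php
// Added illustration; not code from the Froxlor project.

// Insecure ordering: the file is created under the process umask (commonly
// 0022, giving mode 0644), the secret is written, and only afterwards are the
// permissions tightened. Other local users can read it in between.
function writeConfigInsecure(string $path, string $data): void
{
    file_put_contents($path, $data);   // readable by others from here...
    chmod($path, 0600);                // ...until here
}

// Hardened ordering: the file never exists with a mode wider than 0600.
function writeConfigHardened(string $path, string $data): void
{
    $oldUmask = umask(0077);           // new files get at most rw for the owner
    try {
        // 'x' maps to O_CREAT|O_EXCL: the call fails if the path already
        // exists, so a file or symlink pre-created in a shared directory
        // such as /tmp is never reused.
        $fh = @fopen($path, 'x');
        if ($fh === false) {
            throw new RuntimeException("refusing to reuse existing path: $path");
        }
    } finally {
        umask($oldUmask);              // restore the previous umask in all cases
    }
    try {
        if (fwrite($fh, $data) !== strlen($data)) {
            throw new RuntimeException("short write to $path");
        }
    } finally {
        fclose($fh);
    }
}

// Constructed sample input; the path and the value are placeholders.
$path = sys_get_temp_dir() . '/userdata-example-' . bin2hex(random_bytes(8)) . '.inc.php';
writeConfigHardened($path, "<?php\n\$sql['password'] = 'constructed-sample-value';\n");
clearstatcache();
printf("%s mode %04o\n", $path, fileperms($path) & 0777);
unlink($path);
```

umask() is process-wide, so this pattern suits a single-threaded CLI or installer run; POSIX permission semantics are assumed.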
