CVE-2013-1423

Published: Mar 14, 2013Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.

Affected (3)

Products: Fusionforge: Fusionforge

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fusionforge Fusionforge	Version 5.0
Fusionforge Fusionforge	Version 5.1
Fusionforge Fusionforge	Version 5.2

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (18)

http://osvdb.org/90605

Source: security@debian.org

http://secunia.com/advisories/52318

Source: security@debian.org

http://secunia.com/advisories/52371

Source: security@debian.org

http://www.debian.org/security/2013/dsa-2633

Source: security@debian.org

http://www.openwall.com/lists/oss-security/2013/02/25/5

Source: security@debian.org

http://www.securityfocus.com/bid/58143

Source: security@debian.org

https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af

Source: security@debian.org

https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03b89cd37823ab345d35286cf4

Source: security@debian.org

https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba

Source: security@debian.org

http://osvdb.org/90605

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/52318

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/52371

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2013/dsa-2633

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/02/25/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/58143

Source: af854a3a-2127-422b-91ae-364da2661108

https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=0cc51b3aca51fa915a35195fdf729bcdb903f2af

Source: af854a3a-2127-422b-91ae-364da2661108

https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=1fc730b97c797e03b89cd37823ab345d35286cf4

Source: af854a3a-2127-422b-91ae-364da2661108

https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git%3Ba=commitdiff%3Bh=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.