<p>Upgrade <code>froxlor/froxlor</code> to version 2.2.0 or higher.</p>

Incorrect Permission Assignment for Critical Resource Affecting froxlor/froxlor package, versions <2.2.0

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-FROXLORFROXLOR-7830474
published 25 Aug 2024
disclosed 23 Aug 2024
credit hardfalcon

Report a new vulnerability Found a mistake?

Introduced: 23 Aug 2024

CWE-732 Open this link in a new tab

How to fix?

Upgrade froxlor/froxlor to version 2.2.0 or higher.

Overview

froxlor/froxlor is a server administration software.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource on configuration files. An attacker can gain unauthorized access to sensitive information by exploiting the readable configuration file containing database credentials.

NOTE: This is only exploitable if the instance is configured to use pure-ftpd.

References

CVSS Scores

version 4.0

version 3.1

Attack Vector (AV)

Local
Attack Complexity (AC)

Low
Attack Requirements (AT)

None
Privileges Required (PR)

Low
User Interaction (UI)

None

Confidentiality (VC)

High
Integrity (VI)

High
Availability (VA)

Low

Confidentiality (SC)

None
Integrity (SI)

None
Availability (SA)

None

Incorrect Permission Assignment for Critical Resource Affecting froxlor/froxlor package, versions <2.2.0

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 23 Aug 2024

How to fix?

Overview

References

CVSS Scores

Snyk