Incorrect Permission Assignment for Critical Resource Affecting froxlor/froxlor package, versions <2.2.0

Q: How to fix?

Upgrade froxlor/froxlor to version 2.2.0 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PHP-FROXLORFROXLOR-7830474
published25 Aug 2024
disclosed23 Aug 2024
credithardfalcon

Report a new vulnerability Found a mistake?

Introduced: 23 Aug 2024

CWE-732 (opens in a new tab)

How to fix?

Upgrade froxlor/froxlor to version 2.2.0 or higher.

Overview

froxlor/froxlor is a server administration software.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource on configuration files. An attacker can gain unauthorized access to sensitive information by exploiting the readable configuration file containing database credentials.

NOTE: This is only exploitable if the instance is configured to use pure-ftpd.

References

CVSS Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
Low
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
Low

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None