Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-32698HistoryMay 30, 2023 - 4:15 a.m.
CVE-2023-32698
2023-05-3004:15:00
Alpine Linux Development Team
security.alpinelinux.org
4
cve-2023-32698
file permissions
nfpm
bad permissions
unix
0.001 Low
EPSS
Percentile
21.7%
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged
the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-community | noarch | nfpm | = 2.28.0-r3 | UNKNOWN |
Related
prion
prion
Code injection
2023-05-30 04:15:00
osv
osv
CVE-2023-32698
2023-05-30 04:15:10
nfpm has incorrect default permissions
2023-05-24 17:30:16
Incorrect permissions in github.com/goreleaser/nfpm/v2
2023-06-01 21:27:40
veracode
veracode
Information Disclosure
2023-06-02 12:10:06
nvd
nvd
CVE-2023-32698
2023-05-30 04:15:10
cve
cve
CVE-2023-32698
2023-05-30 04:15:10
cvelist
cvelist
CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions
2023-05-30 03:56:30
github
github
nfpm has incorrect default permissions
2023-05-24 17:30:16
wolfi
wolfi
CVE-2023-32698 vulnerabilities
2024-07-05 03:08:40
ibm
ibm