CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
According to a Debian Security Advisory:
Andres Salomon noticed a problem in the CGI session
management of Ruby, an object-oriented scripting language.
CGI::Session’s FileStore (and presumably PStore […])
implementations store session information insecurely.
They simply create files, ignoring permission issues.
This can lead an attacker who has also shell access to the
webserver to take over a session.