Lucene search
GoogleOSV:CVE-2020-10237HistoryMar 09, 2020 - 4:15 p.m.
CVE-2020-10237
2020-03-0916:15:12
Google
osv.dev
2
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| froxlor | eq | 0.9.32 | |
| froxlor | eq | 0.10.10 | |
| froxlor | eq | 0.9.28 | |
| froxlor | eq | 0.9.22-rc1 | |
| froxlor | eq | 0.9.33-rc1 | |
| froxlor | eq | 0.9.37-rc1 | |
| froxlor | eq | 0.9.31-rc1 | |
| froxlor | eq | 0.9.33-rc2 | |
| froxlor | eq | 0.9.39.2 | |
| froxlor | eq | 0.9.28.1 |
Related
cve
cve
CVE-2020-10237
2020-03-09 16:15:12
github
github
Froxlor Exposure of Sensitive Information to an Unauthorized Actor
2022-05-24 17:10:26
osv
osv
Froxlor Exposure of Sensitive Information to an Unauthorized Actor
2022-05-24 17:10:26
nvd
nvd
CVE-2020-10237
2020-03-09 16:15:12
prion
prion
Design/Logic Flaw
2020-03-09 16:15:00
cvelist
cvelist
CVE-2020-10237
2020-03-09 15:04:32