Lucene search
Veracode Vulnerability DatabaseVERACODE:40772HistoryJun 02, 2023 - 12:10 p.m.
Information Disclosure
2023-06-0212:10:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
github
nfpm
information disclosure
vulnerability
permission configuration
file system
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
21.7%
github.com/goreleaser/nfpm is vulnerable to Information Disclosure. The vulnerability exists due to improper permission configuration in files and folders which allows an attacker access to the package on the file system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/goreleaser/nfpm | le | v2.28.0 | |
| github.com/goreleaser/nfpm | le | v2.28.0 |
Related
prion
prion
Code injection
2023-05-30 04:15:00
osv
osv
CVE-2023-32698
2023-05-30 04:15:10
nfpm has incorrect default permissions
2023-05-24 17:30:16
Incorrect permissions in github.com/goreleaser/nfpm/v2
2023-06-01 21:27:40
nvd
nvd
CVE-2023-32698
2023-05-30 04:15:10
alpinelinux
alpinelinux
CVE-2023-32698
2023-05-30 04:15:00
cve
cve
CVE-2023-32698
2023-05-30 04:15:10
github
github
nfpm has incorrect default permissions
2023-05-24 17:30:16
cvelist
cvelist
CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions
2023-05-30 03:56:30
wolfi
wolfi
CVE-2023-32698 vulnerabilities
2024-07-05 03:08:40
ibm
ibm
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
21.7%
Related for VERACODE:40772