CVE-2008-0167

critical

Description

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/42456

http://www.vupen.com/english/advisories/2008/1537/references

http://www.securityfocus.com/bid/29215

http://www.debian.org/security/2008/dsa-1577

http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz

http://secunia.com/advisories/30286

http://secunia.com/advisories/30088

Details

Source: Mitre, NVD

Published: 2008-05-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical