5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
80.1%
According to Maksymilian Arciemowicz research,
it is possible to bypass security restrictions
of safe_mode in various
functions via directory traversal vulnerability. The attacker
can use this attack to gain access to sensitive
information. Functions utilizing
expand_filepath() may be affected.
It should be noted that this vulnerability is not
considered to be serious by the FreeBSD Security Team,
since safe_mode and open_basedir
are insecure by design and should not be relied upon.