Code injection

2020-08-2719:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.9%

JSON

OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.

CPENameOperatorVersion
openzfsle0.8.4

CPE	Name	Operator	Version
	openzfs	le	0.8.4

References

github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f

github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1

jira.ixsystems.com/browse/NAS-107270

reviews.freebsd.org/D26107