6 matches found
CVE-2023-32698 vulnerabilities
Vulnerabilities for packages: goreleaser...
CVE-2023-32698
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...
CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...
CVE-2023-32698
CVE-2023-32698 affects the nfpm tool (GoReleaser nfpm) where, if files are packaged without enforcing nfpm’s own permissions, checked‑in files could be created with dangerous permissions (e.g., 666 or 777). The root cause is incorrect/default file permission handling during packaging, leading to ...
CVE-2023-32698
creationtimestamp| type| source
---|---|---
2023-05-24 01:46:24+00:00| published-proof-of-concept| https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c
2023-05-30 08:34:10+00:00| seen| https://t.me/cibsecurity/64775...