CVE-2023-32698
CVE-2023-32698 affects the nfpm tool (GoReleaser nfpm) where, if files are packaged without enforcing nfpm’s own permissions, checked‑in files could be created with dangerous permissions (e.g., 666 or 777). The root cause is incorrect/default file permission handling during packaging, leading to ...