25 matches found
CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing it’s own permissions files could go out with bad permissions chmod 666 or 777. Anyone using nfpm for creating packages without...
nFPM 安全漏洞
nFPM is a GoReleaser open source simple deb, rpm and apk packaging program written in Go. There is a security vulnerability in nFPM that stems from the fact that anyone using nFPM to create packages without checking/setting file permissions prior to packaging can result in incorrect permissions o...
GHSA-W7JW-Q4FG-QC4C nfpm has incorrect default permissions
Summary When building packages directly from source control, file permissions on the checked-in files are not maintained. Details When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files without extra config for...
nfpm has incorrect default permissions
Summary When building packages directly from source control, file permissions on the checked-in files are not maintained. Details When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files without extra config for...
PT-2023-23971 · Nfpm · Nfpm
Name of the Vulnerable Software and Affected Versions: nfpm affected versions not specified Description: The issue arises when nfpm packages files without maintaining the original file permissions from the source control. This can result in files being packaged with incorrect permissions, such as...