CVSS3: 5.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS2: 5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:N/I:P/A:N

PHP7 uses insecure file permissions. When creating PHAR archives using the PharData::buildFromIterator() function, the files are added with default permissions (0666) even if the original files on the filesystem are configured with more restrictive permissions, allowing any local user to access the files.

CPE

Name | Operator | Version |
---|---|---|
php7 | eq | 7.2.27-r0 |
rh-php73-php | eq | 7.3.11__1.el7 |

lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
bugs.php.net/bug.php?id=79082
lists.debian.org/debian-lts-announce/2020/03/msg00034.html
security.gentoo.org/glsa/202003-57
usn.ubuntu.com/4330-1/
www.debian.org/security/2020/dsa-4717
www.debian.org/security/2020/dsa-4719
www.tenable.com/security/tns-2021-14