7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
doctrine/phpcr-odm is vulnerable to privilege escalation and arbitrary code execution. The vulnerability exists due to incorrect writable permissions in cache directories, allowing local attackers to escalate privileges and/or execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
doctrine/phpcr-odm | le | 1.2.4 | |
doctrine/phpcr-odm | le | 1.2.4 |
framework.zend.com/security/advisory/ZF2015-07
www.debian.org/security/2015/dsa-3369
www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
bugzilla.redhat.com/show_bug.cgi?id=1347924
framework.zend.com/security/advisory/ZF2015-07
lists.fedoraproject.org/archives/list/[email protected]/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/
lists.fedoraproject.org/archives/list/[email protected]/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/
www.debian.org/security/2015/dsa-3369
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C