CVE-2014-6275

MEDIUM

FusionForge <5.3.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2014-6275

Scores

CVSS v3 5.9
EPSS 0.0094
EPSS Percentile 56.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
debian/debian_linux 8.0
fusionforge/fusionforge < 5.3.2
Published Jan 02, 2020
Tracked Since Feb 18, 2026