CVE-2013-1090 — Opensuse vulnerability

CWE-2643 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 85.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Debian Php-horde

Timeline

PublishedDec 6

Latest updateMay 14

Description

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDopensuse/opensuse12.3

▶debiandebian/php-horde

🔴Vulnerability Details

GHSA

GHSA-x436-8x9q-6f6r: The SUSE horde5 package before 5↗2022-05-14

▶

📋Vendor Advisories

Debian

CVE-2013-1090: php-horde - The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain ...↗2013

▶