Candidate: CVE-2014-6275
PublicDate: 2020-01-02 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6275
 https://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html
Description:
 FusionForge before 5.3.2 use scripts that run under the shared Apache user,
 which is also used by project homepages by default. If project webpages are
 hosted on the same server than FusionForge, it can allow users to
 incorrectly access on-disk private data in FusionForge.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]

Patches_fusionforge:
upstream_fusionforge: released (5.3.2-1)
precise_fusionforge: ignored (reached end-of-life)
precise/esm_fusionforge: DNE (precise was needs-triage)
trusty_fusionforge: DNE
trusty/esm_fusionforge: DNE
vivid_fusionforge: DNE
vivid/stable-phone-overlay_fusionforge: DNE
vivid/ubuntu-core_fusionforge: DNE
wily_fusionforge: not-affected (6.0.2+20150708-1)
xenial_fusionforge: not-affected (6.0.2+20150708-1)
yakkety_fusionforge: not-affected (6.0.2+20150708-1)
zesty_fusionforge: not-affected (6.0.2+20150708-1)
devel_fusionforge: not-affected (6.0.2+20150708-1)