Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
nfpm vulnerable to Incorrect Default Permissions
Vulnerability Description
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
缺省权限不正确
Vulnerability Title
nFPM 安全漏洞
Vulnerability Description
nFPM是GoReleaser开源的一个用 Go 编写的简单 deb、rpm 和 apk 封装程序。 nFPM存在安全漏洞,该漏洞源于任何在打包前使用nfpm创建包而不检查/设置文件权限的人都可能导致文件/文件夹的权限错误。
CVSS Information
N/A
Vulnerability Type
N/A