CVE-2014-0468

{"id": "CVE-2014-0468", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-06-26T21:15:27.527", "references": [{"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html", "tags": ["Broken Link"], "source": "security@debian.org"}, {"url": "https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@debian.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506."}, {"lang": "es", "value": "Vulnerabilidad en fusionforge en la configuraci\u00f3n de Apache de f\u00e1brica, donde el servidor web podr\u00eda ejecutar scripts que los usuarios habr\u00edan subido a sus repositorios SCM sin procesar (SVN, Git, Bzr, etc.). Este problema afecta a fusionforge: versiones anteriores a 5.3+20140506."}], "lastModified": "2025-08-06T16:34:59.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fusionforge:fusionforge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9381B16D-C319-4E04-A4F5-F76F10D24E0F", "versionEndExcluding": "5.3\\+20140506."}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}