Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2022/05/msg00037.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/ | |
https://security.gentoo.org/glsa/202007-51 | Third Party Advisory |
https://svn.filezilla-project.org/filezilla?view=revision&revision=9112 | Patch Vendor Advisory |
https://www.tenable.com/security/research/tra-2019-14 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:11
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
11 Oct 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Debian debian Linux Debian Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202007-51 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00037.html - Mailing List, Third Party Advisory |
26 May 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-04-29 15:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-5429
Mitre link : CVE-2019-5429
CVE.ORG link : CVE-2019-5429
JSON object : View
Products Affected
fedoraproject
- fedora
filezilla-project
- filezilla_client
debian
- debian_linux
CWE
CWE-426
Untrusted Search Path