Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
https://security.gentoo.org/glsa/202007-51
https://svn.filezilla-project.org/filezilla?view=revision&revision=9112
Source: MITRE
Published: 2019-04-29
Updated: 2020-07-28
Type: CWE-426
CVSS v2 Base Score: 6.8
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v2 Impact Score: 6.4
CVSS v2 Exploitability Score: 8.6
CVSS v2 Severity: MEDIUM
CVSS v3.0 Base Score: 7.8
CVSS v3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v3.0 Impact Score: 5.9
CVSS v3.0 Exploitability Score: 1.8
CVSS v3.0 Severity: HIGH
OR
cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
138974 | GLSA-202007-51 : FileZilla: Untrusted search path | Nessus | Gentoo Local Security Checks | medium |
124702 | Fedora 28 : filezilla / libfilezilla (2019-d109db9c8a) | Nessus | Fedora Local Security Checks | medium |