An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
No history.
Information
Published : 2019-03-09 00:29
Updated : 2024-02-04 20:20
NVD link : CVE-2019-9637
Mitre link : CVE-2019-9637
CVE.ORG link : CVE-2019-9637
JSON object : View
Products Affected
debian
- debian_linux
netapp
- storage_automation_store
canonical
- ubuntu_linux
php
- php
opensuse
- leap
CWE
CWE-264
Permissions, Privileges, and Access Controls