https://bz.apache.org/bugzilla/show_bug.cgi?id=68663
Bug ID: 68663
Summary: CVE-2024-22029 Incorrect default permissions vulnerability
Product: Tomcat 9
Version: 9.0.86
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P2
Component: WebSocket
Assignee: dev@tomcat.apache.org
Reporter: mustafa.bozde...@fisglobal.com
Target Milestone: -----

Blackduck raises a vulnerability during the scan of our Tomcat V 9.0.86 with the CVE-2024-22029:

The vulnerability allows a local user to escalate privileges on the system. The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.

Please fix ASAP. Thanks!