https://bz.apache.org/bugzilla/show_bug.cgi?id=68663

            Bug ID: 68663
           Summary: CVE-2024-22029  Incorrect default permissions
                    vulnerability
           Product: Tomcat 9
           Version: 9.0.86
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P2
         Component: WebSocket
          Assignee: dev@tomcat.apache.org
          Reporter: mustafa.bozde...@fisglobal.com
  Target Milestone: -----

Blackduck raises a vulnerability during the scan of our Tomcat V 9.0.86 with
the CVE-2024-22029:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and
folders that are set by the application. A local user with access to the system
can view contents of files and directories or modify them.

Please fix ASAP. 

Thanks!
