[Bug 68664] New: CVE-2024-22029 Incorrect default permissions vulnerability

bugzilla Fri, 23 Feb 2024 06:25:07 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=68664


            Bug ID: 68664
           Summary: CVE-2024-22029  Incorrect default permissions
                    vulnerability
           Product: Tomcat 9
           Version: 9.0.86
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P2
         Component: WebSocket
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: -----

Blackduck raises a vulnerability during the Scan of our Tomcat V 9.0.86. with
the CVE-2024-22029:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and
folders that are set by the application. A local user with access to the system
can view contents of files and directories or modify them.

Please fix ASAP. 

Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 68664] New: CVE-2024-22029 Incorrect default permissions vulnerability

Reply via email to