File Access Vulnerability in DBI Module for Perl by CPAN
CVE-2014-10402

6.1MEDIUM

Key Information:

Vendor: Perl
Status: Dbi
Vendor: CVE Published:; 16 September 2020

What is CVE-2014-10402?

A vulnerability in the DBI module for Perl allows DBD::File drivers to access files from directories other than those explicitly specified via the f_dir attribute in the data source name (DSN). This issue arises due to an incomplete fix for a previously identified vulnerability. As a result, malicious actors may exploit this to access sensitive files, posing a risk to data integrity and privacy.

References

https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-...

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2022/05/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2020
Vulnerability Reserved
Sep 16, 2020