Openzfs
CVE-2020-24717
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
AnalysisAI
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. Affected products include: Openzfs. Version information: before 2.0.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. Rated high severity (CVS
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficien
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today