Vulnerabilities > CVE-2020-24716 - Incorrect Authorization vulnerability in Openzfs
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
- https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1
- https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1
- https://jira.ixsystems.com/browse/NAS-107270
- https://jira.ixsystems.com/browse/NAS-107270
- https://reviews.freebsd.org/D26107
- https://reviews.freebsd.org/D26107