CVE-2024-48651

Name
CVE-2024-48651
Description
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/proftpd/proftpd/issues/1830
https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:* proftpd >= 0 <= 1.3.8b
cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:* proftpd >= 0 < cec01cc

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
proftpd edge-community 1.3.8b-r2 Simon Frankenberger <simon-alpine@fraho.eu> possibly vulnerable
proftpd 3.20-community 1.3.8b-r2 Simon Frankenberger <simon-alpine@fraho.eu> possibly vulnerable