CVE-2020-24717

EUVD-2020-17428
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
openzfsopenzfs
𝑥
≤ 0.8.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1
https://jira.ixsystems.com/browse/NAS-107270
https://reviews.freebsd.org/D26107
https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1
https://jira.ixsystems.com/browse/NAS-107270
https://reviews.freebsd.org/D26107