CVE-2015-5723: Remote Code Execution due to incorrect permissions mask

June 7, 2016 (updated November 28, 2016)

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

References

framework.zend.com/security/advisory/ZF2015-07

Detect and mitigate CVE-2015-5723 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →