The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
Software | From | Fixed in |
---|---|---|
gallery_project / gallery | 2.0 | 2.0.x |
gallery_project / gallery | 2.0_alpha1 | 2.0_alpha1.x |
gallery_project / gallery | 2.0_alpha2 | 2.0_alpha2.x |
gallery_project / gallery | 2.0_alpha3 | 2.0_alpha3.x |
gallery_project / gallery | 2.0_alpha4 | 2.0_alpha4.x |
gallery_project / gallery | 2.0_beta1 | 2.0_beta1.x |
gallery_project / gallery | 2.0_beta2 | 2.0_beta2.x |
gallery_project / gallery | 2.0_beta3 | 2.0_beta3.x |
gallery_project / gallery | 2.0_rc1 | 2.0_rc1.x |
gallery_project / gallery | 2.0_rc2 | 2.0_rc2.x |
gallery_project / gallery | 2.0.1 | 2.0.1.x |