Unrated severityNVD Advisory· Published Dec 4, 2009· Updated Apr 23, 2026

CVE-2009-3304

Description

GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php.

Affected products

GForge/Gforge3 versions
cpe:2.3:a:gforge:gforge:4.5.14:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:gforge:gforge:4.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:gforge:gforge:4.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:gforge:gforge:4.8.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.diff.gznvdPatch
www.debian.org/security/2009/dsa-1945nvdPatch
www.securityfocus.com/bid/37195nvdPatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000