CVE-2025-22620

MEDIUM Year: 2025
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-281
View all →

Vulnerability Description

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0.

Related Vulnerabilities

CVE-2024-23464

MEDIUM
CVSS:4.9(Medium)

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1

CWE-2812024

CVE-2024-23560

MEDIUM
CVSS:4.9(Medium)

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.

CWE-2812024

CVE-2024-57439

MEDIUM
CVSS:4.9(Medium)

An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.

CWE-2812024

CVE-2020-7063

MEDIUM
CVSS:5.3(Medium)

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (066...

CWE-2812020

CVE-2020-8633

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.

CWE-2812020

CVE-2020-9781

MEDIUM
CVSS:5.3(Medium)

The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.

CWE-2812020