OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24717
Reference (s):
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
- https://github.com/openzfs/zfs/compare/zfs-0.8.4 zfs-2.0.0-rc1
- https://jira.ixsystems.com/browse/NAS-107270
- https://reviews.freebsd.org/D26107