CVE-2018-11789

Sažetak

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.

Reference

http://www.securityfocus.com/bid/107430
https://lists.apache.org/thread.html/5ea1a102d87a47c5912d745fa0d5dfa2830fc94099cbc30911f095b9%40%3Cdev.heron.apache.org%3E

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:51

Objavljeno

21-03-2019 - 16:00