CVE-2018-19960 - CERT CVE
ID CVE-2018-19960
Sažetak The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
Reference
CVSS
Base: 4.4
Impact: 6.4
Exploitability:3.4
Pristup
VektorSloženostAutentikacija
LOCAL MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:L/AC:M/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje 05-02-2019 - 19:59
Objavljeno 07-12-2018 - 16:29