CVE-2020-19005

Sažetak

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.

Reference

https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba
https://github.com/94fzb/zrlog/issues/48

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

03-09-2020 - 15:11

Objavljeno

25-08-2020 - 22:15