CVE-2020-23995

Sažetak

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.

Reference

https://docu.ilias.de/goto_docu_pg_124761_35.html
https://docu.ilias.de/goto_docu_pg_122177_35.html
https://github.com/ILIAS-eLearning/ILIAS/commit/94d9b16010ec3abeae8d2cbb05622ccd999119ad
https://docu.ilias.de/goto_docu_pg_118817_35.html
https://cwe.mitre.org/data/definitions/209.html

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

26-10-2022 - 13:48

Objavljeno

13-05-2021 - 20:15