GHSA-9v5j-4424-9fr7

Published: May 24, 2022
Source: github
GitHub: Unreviewed
CVSS3: 8.1

Description

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.

EPSS

Percentile: 44%
0.00216
Low

8.1 High

CVSS3

Weaknesses

CWE-276

Related vulnerabilities

CVSS3: 8.1
nvd
about 6 years ago

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.
