CVE-2018-14335

Опубликовано: 24 июл. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

Ссылки

https://access.redhat.com/errata/RHSA-2020:0727
https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20
Exploit
Third Party Advisory
https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E
https://security.netapp.com/advisory/ntap-20240726-0003/
https://www.exploit-db.com/exploits/45105/
Exploit
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2020:0727
https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20
Exploit
Third Party Advisory
https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E
https://security.netapp.com/advisory/ntap-20240726-0003/
https://www.exploit-db.com/exploits/45105/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:h2database:h2:1.4.197:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08596

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-59

CWE-276

Связанные уязвимости

CVE-2018-14335

CVSS3: 6.5

ubuntu

больше 7 лет назад

CVE-2018-14335

CVSS3: 4.3

redhat

больше 7 лет назад

GHSA-wm64-883p-84j3

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 92%

0.08596

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-59

CWE-276