CVE-2018-3715

Опубликовано: 07 июн. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.

Ссылки

https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19
Patch
Third Party Advisory
https://hackerone.com/reports/310106
Exploit
Issue Tracking
Third Party Advisory
https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19
Patch
Third Party Advisory
https://hackerone.com/reports/310106
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glance_project:glance:*:*:*:*:*:node.js:*:*

Версия до 3.0.4 (исключая)

EPSS

Процентиль: 54%

0.00316

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-2x4q-6jfv-8h9h