Description
In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without logging in, even if the victim has enabled the login-required setting.
References
- Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: Version before 3.0 (excluding)
One of
cpe:2.3:a:dynmap_project:dynmap:*:*:*:*:*:*:*:*
cpe:2.3:a:dynmap_project:dynmap:3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:dynmap_project:dynmap:3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:dynmap_project:dynmap:3.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:dynmap_project:dynmap:3.0:rc3:*:*:*:*:*:*
EPSS
Percentile: 55%
0.00325
Low
5.3 Medium
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login despite an enabled login-required setting.