CVE-2020-13452

Опубликовано: 07 янв. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.

Ссылки

http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html
Third Party Advisory
VDB Entry
https://github.com/thecodingmachine/gotenberg/issues/199
Third Party Advisory
http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html
Third Party Advisory
VDB Entry
https://github.com/thecodingmachine/gotenberg/issues/199
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thecodingmachine:gotenberg:*:*:*:*:*:*:*:*

Версия до 6.2.1 (включая)

EPSS

Процентиль: 59%

0.00387

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-p869-hg26-w7c6

github

больше 3 лет назад