Описание
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
Ссылки
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zrlog:zrlog:2.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00193
Низкий
5.7 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-863
Связанные уязвимости
github
больше 3 лет назад
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
EPSS
Процентиль: 41%
0.00193
Низкий
5.7 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-863