exploitDog

CVE-2020-23490

Опубликовано: 16 нояб. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.

Ссылки

https://cube01.io/blog/Avideo-Remote-Code-Execution.html
Exploit
Third Party Advisory
https://github.com/WWBN/AVideo/commit/218c98cbd4a4a2c15745852bcd0f29faf101bd8c
Patch
Third Party Advisory
https://cube01.io/blog/Avideo-Remote-Code-Execution.html
Exploit
Third Party Advisory
https://github.com/WWBN/AVideo/commit/218c98cbd4a4a2c15745852bcd0f29faf101bd8c
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*

Версия до 8.9 (исключая)

EPSS

Процентиль: 95%

0.16676

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5529-jvgg-87h8

github

больше 3 лет назад

There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.

EPSS

Процентиль: 95%

0.16676

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo