CVE-2020-23995

Опубликовано: 13 мая 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.

Ссылки

https://cwe.mitre.org/data/definitions/209.html
Technical Description
https://docu.ilias.de/goto_docu_pg_118817_35.html
Release Notes
Vendor Advisory
https://docu.ilias.de/goto_docu_pg_122177_35.html
Release Notes
Vendor Advisory
https://docu.ilias.de/goto_docu_pg_124761_35.html
Release Notes
Vendor Advisory
https://github.com/ILIAS-eLearning/ILIAS/commit/94d9b16010ec3abeae8d2cbb05622ccd999119ad
Patch
Third Party Advisory
https://cwe.mitre.org/data/definitions/209.html
Technical Description
https://docu.ilias.de/goto_docu_pg_118817_35.html
Release Notes
Vendor Advisory
https://docu.ilias.de/goto_docu_pg_122177_35.html
Release Notes
Vendor Advisory
https://docu.ilias.de/goto_docu_pg_124761_35.html
Release Notes
Vendor Advisory
https://github.com/ILIAS-eLearning/ILIAS/commit/94d9b16010ec3abeae8d2cbb05622ccd999119ad
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*

Версия до 5.3.19 (исключая)

cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*

Версия от 5.4.0 (включая) до 5.4.12 (исключая)

EPSS

Процентиль: 71%

0.00686

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-209

Связанные уязвимости

CVE-2020-23995

CVSS3: 6.5

debian

больше 4 лет назад

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 ...

GHSA-mv89-p3h4-x57h

CVSS3: 6.5

github

больше 3 лет назад

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.

EPSS

Процентиль: 71%

0.00686

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-209