CVE-2020-24925

Опубликовано: 15 сент. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 3.5

EPSS Низкий

Описание

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php

Ссылки

https://vyshnavvizz.blogspot.com/2020/09/sensitive-information-disclosure-source.html
Exploit
Third Party Advisory
https://www.elkarbackup.org/
Product
https://vyshnavvizz.blogspot.com/2020/09/sensitive-information-disclosure-source.html
Exploit
Third Party Advisory
https://www.elkarbackup.org/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elkarbackup:elkarbackup:1.3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00317

Низкий

7.5 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-209

Связанные уязвимости

CVE-2020-24925

CVSS3: 7.5

debian

больше 5 лет назад

A Sensitive Source Code Path Disclosure vulnerability is found in Elka ...

GHSA-87p9-xf94-p7qh

github

больше 3 лет назад