exploitDog

CVE-2020-7830

Опубликовано: 02 сент. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier.

Ссылки

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35582
Third Party Advisory
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35582
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:raonwiz:raon_kupload:*:*:*:*:*:*:*:*

Версия до 2018.0.2.50 (включая)

EPSS

Процентиль: 42%

0.00201

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-qr8m-vjgf-5975

github

больше 3 лет назад

RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier.

EPSS

Процентиль: 42%

0.00201

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20