exploitDog

CVE-2021-29395

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.

Ссылки

https://Ardent-Security.com
Third Party Advisory
https://ardent-security.com/en/advisory/asa-2021-03/
Third Party Advisory
https://Ardent-Security.com
Third Party Advisory
https://ardent-security.com/en/advisory/asa-2021-03/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:globalnorthstar:northstar_club_management:6.3:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.0117

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-pq4v-8cpp-x9jj

github

почти 4 года назад

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.

EPSS

Процентиль: 78%

0.0117

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22