Описание
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.
Ссылки
- Permissions RequiredThird Party Advisory
- MitigationVendor Advisory
- Release NotesVendor Advisory
- Permissions RequiredThird Party Advisory
- MitigationVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.8.3 (исключая)
cpe:2.3:a:helpsystems:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00575
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.
EPSS
Процентиль: 68%
0.00575
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22