Описание
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/". A malicious actor could identify the existence of users by requesting share information on specified share paths.
Уязвимые конфигурации
Конфигурация 1Версия до 21.3.0.18447 (исключая)
cpe:2.3:a:filecloud:filecloud:*:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00237
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths.
EPSS
Процентиль: 47%
0.00237
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200