Описание
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
Ссылки
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.1 (исключая)
cpe:2.3:a:planka:planka:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.0035
Низкий
7.1 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
EPSS
Процентиль: 57%
0.0035
Низкий
7.1 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-22