Описание
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
Ссылки
- ExploitMitigationThird Party Advisory
- ExploitThird Party Advisory
- ExploitMitigationThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.13 (исключая)
cpe:2.3:a:gnu:savane:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00835
Низкий
7.5 High
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 7.5
github
почти 2 года назад
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
EPSS
Процентиль: 74%
0.00835
Низкий
7.5 High
CVSS3
Дефекты
CWE-639