Описание
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.8.0 (исключая)
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-209
CWE-209
Связанные уязвимости
CVSS3: 3.5
github
9 месяцев назад
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.
EPSS
Процентиль: 17%
0.00054
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-209
CWE-209