Описание
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.
Уязвимые конфигурации
Конфигурация 1Версия до 20.0 (исключая)
cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
7.5 High
CVSS3
Дефекты
CWE-497
Связанные уязвимости
CVSS3: 7.5
github
около 2 месяцев назад
AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.
EPSS
Процентиль: 12%
0.0004
Низкий
7.5 High
CVSS3
Дефекты
CWE-497