Description
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | h2 | Not affected | ||
| Red Hat JBoss BRMS 5 | h2 | Out of support scope | ||
| Red Hat JBoss BRMS 6 | h2 | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | h2 | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | h2 | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 7 | h2 | Will not fix | ||
| Red Hat JBoss Fuse 6 | h2 | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | h2 | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | h2 | Out of support scope | ||
| Red Hat JBoss SOA Platform 5 | h2 | Out of support scope | ||
Additional information
Status:
EPSS
4.3 Medium
CVSS3
Related vulnerabilities
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.