Lucene search

[email protected]CVE-2019-18393

HistoryOct 24, 2019 - 11:15 a.m.

CVE-2019-18393

2019-10-2411:15:00

CWE-22

[email protected]

web.nvd.nist.gov

ignite realtime

openfire

cve-2019-18393

nvd

directory traversal

vulnerability

security

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

CPENameOperatorVersion
igniterealtime:openfireigniterealtime openfirele4.4.2

CPE	Name	Operator	Version
igniterealtime:openfire	igniterealtime openfire	le	4.4.2

References

github.com/igniterealtime/Openfire/pull/1498

swarm.ptsecurity.com/openfire-admin-console/

Social References

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for CVE-2019-18393

osv2 attackerkb1 github1 veracode1 prion1 nuclei1 cvelist1 openvas1