Lucene search

MitreCVE-2019-7535

HistoryFeb 07, 2019 - 4:29 p.m.

CVE-2019-7535

2019-02-0716:29:00

CWE-200

mitre

web.nvd.nist.gov

gurock testrail

cve-2019-7535

information security

data disclosure

php technology

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.

Affected configurations

Nvd

Node

gurocktestrailMatch5.3.0.3603

VendorProductVersionCPE
gurocktestrail5.3.0.3603cpe:2.3:a:gurock:testrail:5.3.0.3603:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gurock	testrail	5.3.0.3603	cpe:2.3:a:gurock:testrail:5.3.0.3603:::::::*

References

gist.github.com/nenf/2f16cd547c2afe166d1cb3f88f18bf81

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

Related for CVE-2019-7535