Lucene search

[email protected]CVE-2020-8161

HistoryJul 02, 2020 - 7:15 p.m.

CVE-2020-8161

2020-07-0219:15:00

CWE-22

[email protected]

web.nvd.nist.gov

163

cve-2020-8161

directory traversal

rack

vulnerability

information disclosure

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.9%

JSON

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.

CPENameOperatorVersion
rack_project:rackrack project racklt2.2.0
debian:debian_linuxdebian debian linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04

CPE	Name	Operator	Version
rack_project:rack	rack project rack	lt	2.2.0
debian:debian_linux	debian debian linux	eq	9.0
debian:debian_linux	debian debian linux	eq	10.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.04