Lucene search

GitHub Advisory DatabaseGHSA-JCGC-VXQG-85XX

HistoryMay 13, 2022 - 1:06 a.m.

Sensitive Data Exposure in elFinder

2022-05-1301:06:16

CWE-200

GitHub Advisory Database

github.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

50.7%

JSON

php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP’s curl extension is enabled and safe_mode or open_basedir is not set.

CPENameOperatorVersion
studio-42/elfinderlt2.1.45

CPE	Name	Operator	Version
	studio-42/elfinder	lt	2.1.45

References

github.com/advisories/GHSA-jcgc-vxqg-85xx

github.com/Studio-42/elFinder/commit/f133163f2d754584de65d718b2fde96191557316

github.com/Studio-42/elFinder/releases/tag/2.1.45

nvd.nist.gov/vuln/detail/CVE-2019-5884

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

50.7%

JSON

Related for GHSA-JCGC-VXQG-85XX