Lucene search

GitHub Advisory DatabaseGHSA-Q7MF-HP9M-CX6F

HistoryApr 29, 2022 - 2:59 a.m.

Roundup Directory traversal vulnerability

2022-04-2902:59:35

CWE-22

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.

Affected configurations

Vulners

Node

rounduproundupRange≤0.6.4

CPENameOperatorVersion
rounduple0.6.4

CPE	Name	Operator	Version
	roundup	le	0.6.4

References

packetstormsecurity.nl/0406-exploits/roundUP.txt

secunia.com/advisories/11801

securitytracker.com/id?1010415

sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788

www.gentoo.org/security/en/glsa/glsa-200408-09.xml

www.securityfocus.com/bid/10495

exchange.xforce.ibmcloud.com/vulnerabilities/16350

github.com/advisories/GHSA-q7mf-hp9m-cx6f

nvd.nist.gov/vuln/detail/CVE-2004-1444

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for GHSA-Q7MF-HP9M-CX6F