Lucene search

GitHub Advisory DatabaseGHSA-XG75-3277-GVVJ

HistoryMar 25, 2019 - 6:04 p.m.

Directory Traversal in serve

2019-03-2518:04:01

CWE-22

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.009 Low

EPSS

Percentile

82.8%

JSON

Versions of serve before 7.1.3 are vulnerable to Directory Traversal. File paths are not sanitized leading to unauthorized access of system files.

Recommendation

Upgrade to version 7.1.3 or later

Affected configurations

Vulners

Node

sugarcrmsugarcrmRange<7.1.3serve

CPENameOperatorVersion
servelt7.1.3

CPE	Name	Operator	Version
	serve	lt	7.1.3

References

github.com/advisories/GHSA-xg75-3277-gvvj

hackerone.com/reports/358645

nvd.nist.gov/vuln/detail/CVE-2019-5417

www.npmjs.com/advisories/795

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.009 Low

EPSS

Percentile

82.8%

JSON

Related for GHSA-XG75-3277-GVVJ