Lucene search
GregoryvperryH1:298862HistoryDec 17, 2017 - 12:36 a.m.
Uber: It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without
2017-12-1700:36:48
gregoryvperry
hackerone.com
18
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.008 Low
EPSS
Percentile
79.1%
Summary
Configuration file and/or source code information leakage without Uber OneLogin SSO authentication.
Security Impact
Misconfiguration on the server results in information leakage without authentication.
Reproduction Steps
https://uchat.awscorp.uberinternal.com/static/main.740f5a0b92c00e72e2e1.js
Specifics
- https://vulners.com/cve/CVE-2005-2169
- https://vulners.com/cve/CVE-2005-0202
- https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
Impact
Access to internal configuration files, system names, and source code.
Related
hackerone
hackerone
cve
cve
CVE-2005-2169
2005-07-06 04:00:00
CVE-2005-0202
2005-05-02 04:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200502-11 (mailman)
2008-09-24 00:00:00
SLES9: Security update for mailman
2009-10-10 00:00:00
Ubuntu: Security Advisory (USN-78-1)
2022-08-26 00:00:00
ubuntucve
ubuntucve
CVE-2005-0202
2005-05-02 00:00:00
debiancve
debiancve
CVE-2005-0202
2005-05-02 04:00:00
nessus
nessus
GLSA-200502-11 : Mailman: Directory traversal vulnerability
2005-02-14 00:00:00
Ubuntu 4.10 : mailman vulnerabilities (USN-78-1)
2006-01-15 00:00:00
redhat
redhat
(RHSA-2005:136) mailman security update
2005-02-10 00:00:00
(RHSA-2005:137) mailman security update
2005-02-15 00:00:00
securityvulns
securityvulns
freebsd
freebsd
mailman -- directory traversal vulnerability
2005-01-02 00:00:00
ubuntu
ubuntu
Fixed mailman packages for USN-78-1
2005-02-17 00:00:00
Mailman vulnerability
2005-02-10 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:08:56
gentoo
gentoo
Mailman: Directory traversal vulnerability
2005-02-10 00:00:00
debian
debian
[SECURITY] [DSA 674-1] New mailman packages fix several vulnerabilities
2005-02-10 11:51:35
[SECURITY] [DSA 674-1] New mailman packages fix several vulnerabilities
2005-02-10 00:00:00
osv
osv
mailman - cross-site scripting, directory traversal
2005-02-21 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.008 Low
EPSS
Percentile
79.1%
Related for H1:298862