Lucene search

K
jvnJapan Vulnerability NotesJVN:27548431
HistoryOct 02, 2015 - 12:00 a.m.

JVN#27548431: gollum vulnerable to file exposure

2015-10-0200:00:00
Japan Vulnerability Notes
jvn.jp
9

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.005

Percentile

76.4%

gollum is a wiki system that uses git repositories. gollum contains a vulnerability which may allow an attacker to view arbitrary files on the server.

Impact

A remote attacker may view arbitrary files on the server.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

  • gollum v4.0.0 and earlier

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.005

Percentile

76.4%

Related for JVN:27548431