Lucene search

K

[email protected]NVD:CVE-2008-4129

HistorySep 18, 2008 - 8:00 p.m.

CVE-2008-4129

2008-09-1820:00:00

CWE-22

[email protected]

web.nvd.nist.gov

3

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.8%

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

Affected configurations

NVD

Node

gallerygalleryRange≤2.2.5

OR

gallerygalleryMatch2.2.0

OR

gallerygalleryMatch2.2.1

OR

gallerygalleryMatch2.2.2

OR

gallerygalleryMatch2.2.3

OR

gallerygalleryMatch2.2.4

Node

gallerygalleryRange≤1.5.8

References

gallery.menalto.com/gallery_1.5.9_released

gallery.menalto.com/gallery_2.2.6_released

secunia.com/advisories/31912

secunia.com/advisories/32662

secunia.com/advisories/33144

security.gentoo.org/glsa/glsa-200811-02.xml

www.securityfocus.com/bid/31231

exchange.xforce.ibmcloud.com/vulnerabilities/45228

www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html

www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.8%

Related for NVD:CVE-2008-4129

ubuntucve1 cve1 prion1 cvelist1 openvas10 nessus4 fedora3 gentoo1 securityvulns1