Lucene search
HistoryAug 23, 2022 - 1:15 a.m.
CVE-2019-25075
html injection
path traversal
gravitee api management
email service
arbitrary files
/management/users/register request
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
33.5%
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.
Affected configurations
Node
graviteeapi_managementRange<1.25.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gravitee | api_management | * | cpe:2.3:a:gravitee:api_management:*:*:*:*:*:*:*:* |
Related
osv
osv
CVE-2019-25075
2022-08-23 01:15:07
Path Traversal in Gravitee API Management
2022-08-24 00:00:31
Gravitee API Management contains Path Traversal
2023-01-04 00:30:26
cvelist
cvelist
CVE-2019-25075
2022-08-23 00:53:58
prion
prion
Path traversal
2022-08-23 01:15:00
veracode
veracode
Path Traversal
2022-08-23 09:15:33
github
github
Path Traversal in Gravitee API Management
2022-08-24 00:00:31
Gravitee API Management contains Path Traversal
2023-01-04 00:30:26
cve
cve
CVE-2019-25075
2022-08-23 01:15:07
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
33.5%
Related for NVD:CVE-2019-25075