nvd - NVD:CVE-2021-36233
Aug 31, 2021 - 6:15 p.m.

CVE-2021-36233

2021-08-31 18:15:08
CWE-552
web.nvd.nist.gov
mik.starlight 7.9.5.24363
admingetfirstfilecontentbyfilepath
filesystem read

CVSS2: 4

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 32.6%

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.

Affected configurations

Nvd

Node: unit4 mik.starlight, Match 7.9.5.24363

Vendor: unit4
Product: mik.starlight
Version: 7.9.5.24363
CPE: cpe:2.3:a:unit4:mik.starlight:7.9.5.24363:*:*:*:*:*:*:*
