CVE-2021-41714

2022-05-2316:16:06

Google

osv.dev

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

JSON

In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage.

CPENameOperatorVersion
tipaskeq3.2.1
tipaskeq3.3.1
tipaskeq3.5.3
tipaskeq3.5.1
tipaskeq3.5.2
tipaskeq3.5.5
tipaskeq3.2.0
tipaskeq3.5.0
tipaskeq3.5.9

Name	Operator	Version
tipask	eq	3.2.1
tipask	eq	3.3.1
tipask	eq	3.5.3
tipask	eq	3.5.1
tipask	eq	3.5.2
tipask	eq	3.5.5
tipask	eq	3.2.0
tipask	eq	3.5.0
tipask	eq	3.5.9

References

github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42

github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69

www.yuque.com/henry-weply/penetration/fza5hm