Lucene search

PRIOn knowledge basePRION:CVE-2014-8082

HistoryOct 31, 2014 - 2:55 p.m.

Design/Logic Flaw

2014-10-3114:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.2%

JSON

lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.

CPENameOperatorVersion
testlinkle1.9.12

CPE	Name	Operator	Version
	testlink	le	1.9.12

References

karmainsecurity.com/KIS-2014-12

mantis.testlink.org/view.php?id=6651

packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html

seclists.org/fulldisclosure/2014/Oct/106

www.securityfocus.com/archive/1/533799/100/0/threaded

www.securityfocus.com/bid/70713

exchange.xforce.ibmcloud.com/vulnerabilities/97728

gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for PRION:CVE-2014-8082