Design/Logic Flaw

2021-05-0705:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.7%

JSON

The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.

CPENameOperatorVersion
emissaryeq5.9.0

CPE	Name	Operator	Version
	emissary	eq	5.9.0

References

blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed

portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover