DRUPAL-CORE-2020-011

A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file...

CVE-2020-2267

A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller...

CVE-2020-2267

CVE-2020-2267 affects Jenkins MongoDB Plugin versions 1.3 and earlier, where a missing permission check allows users with Overall/Read to access metadata of arbitrary files on the Jenkins controller. The issue is described across multiple sources (Red Hat, NVD, CNVD, GHSA, OSV, etc.) with the cor...

PT-2020-15493 · Jenkins · Jenkins Mongodb Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MongoDB Plugin versions 1.3 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. This issue arises because the plug...

PT-2020-15492 · Jenkins · Jenkins Mongodb Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MongoDB Plugin versions 1.3 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller...

Information disclosure

In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file eg. a photo containing location metadata with no additional execution privileges needed. User...

Mahara 18.10 < 18.10.5, 19.04 < 19.04.4, 19.10 < 19.10.2 Multiple Vulnerabilities

Mahara is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if description...

Mahara Information Disclosure Vulnerability (CNVD-2020-16699)

Mahara is a full-featured web application for building your own ePortfolio. An information disclosure vulnerability exists in Mahara. The vulnerability can be exploited by a member of a group to gain unauthorized access to file metadata information in an Elasticsearch results list. No detailed...

CVE-2020-9386

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore...

CVE-2020-9386

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore...

CVE-2020-9386

The CVE-2020-9386 issue affects Mahara: versions 18.10.x before 18.10.5, 19.04.x before 19.04.4, and 19.10.x before 19.10.2. Root cause is improper access-control enforcement, causing file metadata to be disclosed to group members who no longer have access to the artefact in Elasticsearch result ...

PT-2020-20627 · Catalyst It · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 18.10 through 18.10.4 Mahara versions 19.04 through 19.04.3 Mahara versions 19.10 through 19.10.1 Description: The issue concerns the disclosure of file metadata information to group members in the Elasticsearch result list,...

CVE-2019-6239

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks...

CVE-2019-6239

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks...

Improper access control

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks...

CVE-2019-6239

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks...

Core FTP Server FTP SFTP Server v2 Build 674 - MDTM Directory Traversal

Core FTP Server FTP SFTP Server v2 Build 674 - MDTM Directory Traversal Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal Google Dork: N/A Date: 3/13/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link:...

GNU Wget: Password and metadata leak

Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description A vulnerability was discovered in GNU Wget’s filemetadata in xattr.c. Impact A local attacker could obtain sensitive information to include...

Vulnerability of the .NET Framework software platform, related to errors in the mechanism for checking the source file metadata, allows a perpetrator to execute arbitrary code with privileges of the current user.

The vulnerability of the .NET Framework software platform is related to errors in the mechanism for checking the source code of files. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with privileges of the current user, using a specially craft...

CVE-2018-20483

setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the URL by reading this attribut...