3 matches found
CVE-2018-11789
When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd...
CVE-2018-11789
creationtimestamp| type| source ---|---|--- 2019-03-21 19:26:49+00:00| seen| https://t.me/cibsecurity/3270...
CVE-2018-11789
CVE-2018-11789 corresponds to a path traversal vulnerability in Apache Heron’s user interface. The issue arises from failing to properly filter user-supplied input, allowing an attacker to modify the path parameter (for example, path=../../../../../../etc/passwd) to access files outside the conta...