3 matches found
CVE-2023-36654
Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters...
CVE-2023-36654
Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters...
CVE-2023-36654
ProLion CryptoSpike 3.0.15P2 contains a directory-traversal vulnerability in the log-download REST API endpoint. By injecting paths into API parameters, remote authenticated attackers can download SSH private keys from the host server (root-owned). Root cause: path traversal in the log-download e...