3 matches found
CVE-2023-46864
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request...
CVE-2023-46864
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request...
CVE-2023-46864
Peppermint Ticket Management vulnerability CVE-2023-46864 affects versions up to 0.2.4. The issue is a path traversal in the API endpoint /api/v1/ticket/1/file/download?filepath=../, allowing remote attackers to read arbitrary files. Root cause: the filepath parameter is not properly validated, e...