3 matches found
PT-2024-23239 · Apache · Apache DolphinScheduler
Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.1.0 through 3.2.1
Description: A file read and write vulnerability exists in Apache DolphinScheduler, allowing authenticated users to illegally access additional resource files.
Recommendations: For Apache...
Resource file path traversal in IconDownloadResourceManager
To reproduce: 1. Create a new page (title doesn't matter). 2. Insert an image with URL /confluence/images/icons/profilepics/../../../WEB-INF/classes/crowd.properties, with /confluence/ replaced with the correct base path. Edit the page, click +, click Image, select the From the Web...
Resource file path traversal in IconDownloadResourceManager
To reproduce: 1. Create a new page (title doesn't matter). 2. Insert an image with URL /confluence/images/icons/profilepics/../../../WEB-INF/classes/crowd.properties, with /confluence/ replaced with the correct base path. Edit the page, click +, click Image, select the From the Web...