Lucene search

Veracode Vulnerability DatabaseVERACODE:37383

HistoryOct 03, 2022 - 5:20 a.m.

Path Traversal

2022-10-0305:20:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:M/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

16.4%

JSON

dnn.platform is vulnerable to path traversal. The vulnerability exists in logFilePath parameter of ServerSettingsLogsController.cs because administrative account privileges are not properly implemented which allows an attacker to read any system file in the application.

CPENameOperatorVersion
dnn.platformle9.9.0
dnn.platformle9.9.0

CPE	Name	Operator	Version
	dnn.platform	le	9.9.0
	dnn.platform	le	9.9.0

References

github.com/advisories/GHSA-fcpw-vqh5-6qwj

github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195

huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:M/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

16.4%

JSON

Related for VERACODE:37383