Lucene search

Veracode Vulnerability DatabaseVERACODE:8141

HistoryJan 11, 2019 - 10:28 a.m.

Information Disclosure

2019-01-1110:28:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

studio-42/elfinder is vulnerable to information disclosure. An attacker is able to obtain confidential information when the PHP’s curl extension, and when safe_mode or open_basedir is not configured.

CPENameOperatorVersion
studio-42/elfinderle2.1.44

CPE	Name	Operator	Version
	studio-42/elfinder	le	2.1.44

References

github.com/Studio-42/elFinder/commit/f133163f2d754584de65d718b2fde96191557316

github.com/Studio-42/elFinder/releases/tag/2.1.45

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:8141