PT-2017-13298 · Squiz · Squiz Matrix+1

Publicado

2017-11-30

Atualizado

2017-12-14

CVE-2017-14196

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Squiz Matrix versions 5.3 through 5.3.6.1 Squiz Matrix version 5.4.1.3

Description An issue in the 'File Bridge' plugin causes an information disclosure due to a Path Traversal issue, allowing the existence of files outside of the bridged path to be confirmed.

Recommendations For Squiz Matrix versions 5.3 through 5.3.6.1, consider disabling the 'File Bridge' plugin until a patch is available. For Squiz Matrix version 5.4.1.3, consider disabling the 'File Bridge' plugin until a patch is available.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2017-14196

Produtos afetados

File Bridge

Squiz Matrix

PT-2017-13298 · Squiz · Squiz Matrix+1

CVE-2017-14196

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3