PT-2018-12450 · H2 · H2

Owodelta · Published 2018-07-24 · Updated 2024-10-29 · CVE-2018-14335

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

H2 version 1.4.197

Description

An issue was discovered in the handling of permissions in the backup function, allowing attackers to read sensitive files outside of their permissions via a symlink to a fake database file.

Recommendations

For H2 version 1.4.197, consider disabling the backup function until a patch is available to prevent attackers from reading sensitive files. Restrict access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Fix

Link Following

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2018-14335

Affected Products

H2