PT-2019-11262 · Chartmuseum · Chartmuseum
Published: 2019-02-04 · Updated: 2019-02-08
CVE-2019-1000009
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
ChartMuseum versions 0.1.0 through 0.8.0
Description:
A path traversal vulnerability in the HTTP API allows a specially crafted chart, uploaded via a POST request, to be saved outside the intended directory. If authentication is enabled, exploitation requires an authorized user.
Recommendations:
For ChartMuseum versions 0.1.0 through 0.8.0, update to version 0.8.1 to resolve the issue.
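A containment check that guards against the class of bug described above, shown as an added example; it is not ChartMuseum's code or its 0.8.1 fix. It assumes the stored file name is derived from chart metadata as `<name>-<version>.tgz`; `ChartFilename`, `NaiveChartPath`, `SafeChartPath` and the `/var/charts` root are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrEscapesRoot = errors.New("chart path escapes storage root")

// ChartFilename (hypothetical) assumes the archive name is <name>-<version>.tgz,
// built from metadata carried inside the uploaded chart.
func ChartFilename(name, version string) string {
	return fmt.Sprintf("%s-%s.tgz", name, version)
}

// NaiveChartPath trusts the metadata: Join cleans "../" segments and leaves root.
func NaiveChartPath(root, name, version string) string {
	return filepath.Join(root, ChartFilename(name, version))
}

// SafeChartPath returns the destination only if it is a direct child of root.
func SafeChartPath(root, name, version string) (string, error) {
	file := ChartFilename(name, version)
	// A chart archive name never needs a path separator, so reject both kinds.
	if strings.ContainsAny(file, `/\`) || file != filepath.Base(file) {
		return "", ErrEscapesRoot
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	dest := filepath.Join(absRoot, file)
	// Defense in depth: the cleaned destination must still resolve under root.
	rel, err := filepath.Rel(absRoot, dest)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	return dest, nil
}

func main() {
	// Constructed sample metadata, not taken from a real chart.
	for _, s := range [][2]string{{"mychart", "0.1.0"}, {"../../tmp/evil", "0.1.0"}} {
		p, err := SafeChartPath("/var/charts", s[0], s[1])
		fmt.Printf("naive=%q safe=%q err=%v\n", NaiveChartPath("/var/charts", s[0], s[1]), p, err)
	}
}
```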
Exploit
Fix
Path traversal
Affected products:
Chartmuseum