PT-2017-13298 · Squiz · Squiz Matrix+1

Published

2017-11-30

Updated

2017-12-14

CVE-2017-14196

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Squiz Matrix versions 5.3 through 5.3.6.1 Squiz Matrix version 5.4.1.3

Description An issue in the 'File Bridge' plugin causes an information disclosure due to a Path Traversal issue, allowing the existence of files outside of the bridged path to be confirmed.

Recommendations For Squiz Matrix versions 5.3 through 5.3.6.1, consider disabling the 'File Bridge' plugin until a patch is available. For Squiz Matrix version 5.4.1.3, consider disabling the 'File Bridge' plugin until a patch is available.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-14196

Affected Products

File Bridge

Squiz Matrix

PT-2017-13298 · Squiz · Squiz Matrix+1

CVE-2017-14196

Weakness Enumeration

Related Identifiers

Affected Products

References · 3