PT-2019-11262 · Chartmuseum · Chartmuseum
Published
2019-02-04
·
Updated
2019-02-08
·
CVE-2019-1000009
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
ChartMuseum versions 0.1.0 through 0.8.0
Description:
The issue allows a specially crafted chart to be uploaded and saved outside the intended location due to a path traversal vulnerability in the HTTP API. This can be exploited via a POST request to the HTTP API, potentially allowing a chart archive to be saved outside of the intended directory. If authentication is enabled, this requires an authorized user to exploit.
Recommendations:
For ChartMuseum versions 0.1.0 through 0.8.0, update to version 0.8.1 to resolve the issue.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chartmuseum