PT-2019-11510 · Linagora · Linagora Hublin
Published 2019-07-23 · Updated 2019-07-26 · CVE-2019-1010205
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff)
Description:
The issue allows an attacker to access any file with a fixed extension on the server. This is due to a Directory Traversal flaw in the web-view renderer component. The attack vector involves sending a specially crafted HTTP request.
Recommendations:
For LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff), consider restricting access to the web-view renderer component until a fix is available. As a temporary workaround, restrict the handling of specially crafted HTTP requests to minimize the risk of exploitation.
Fix
Path traversal
Affected Products
Linagora Hublin