PT-2020-15153 · Zrlog · Zrlog
Rank0 · Published 2020-08-25 · Updated 2020-09-03 · CVE-2020-19005
| CVSS v3.1 | 5.7 Medium |
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
zrlog version 2.1.0
Description
The issue concerns a permission check flaw. When an admin account is logged in, unauthorized users can directly download the database backup file.
Recommendations
For zrlog version 2.1.0, consider restricting access to the database backup file until a patch is available. As a temporary workaround, review and strengthen permission checks to prevent unauthorized downloads.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Zrlog