PT-2022-9921 · Unknown · Northstar Club Management

Alexandre Larocque

Published

2022-02-04

Updated

2022-02-08

CVE-2021-29395

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions NorthStar Club Management version 6.3

Description The issue allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application due to directory traversal in the /northstar/filemanager/download.jsp endpoint.

Recommendations For NorthStar Club Management version 6.3, consider restricting access to the /northstar/filemanager/download.jsp endpoint until a patch is available. As a temporary workaround, limit the ability to download files to only necessary personnel to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-29395

Affected Products

Northstar Club Management

PT-2022-9921 · Unknown · Northstar Club Management

CVE-2021-29395

Weakness Enumeration

Related Identifiers

Affected Products

References · 5