PT-2022-9924 · Unknown · Northstar Club Management
Alexandre Larocque
·
Published
2022-02-04
·
Updated
2022-02-08
·
CVE-2021-29398
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
NorthStar Club Management version 6.3
Description
The issue allows remote unauthenticated users to browse and list directories across the entire filesystem of the host of the web application through a directory traversal vulnerability in the /northstar/Common/NorthFileManager/fileManagerObjects.jsp endpoint.
Recommendations
For NorthStar Club Management version 6.3, update to a version that fixes the directory traversal issue in the /northstar/Common/NorthFileManager/fileManagerObjects.jsp endpoint to prevent unauthorized access to the filesystem. As a temporary workaround, consider restricting access to the /northstar/Common/NorthFileManager/fileManagerObjects.jsp endpoint until a patch is available.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Northstar Club Management