Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2019-13915 | First vendor Publication | 2019-07-18 |
Vendor | Cve | Last vendor Modification | 2020-08-24 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | |||
---|---|---|---|
Overall CVSS Score | 7.5 | ||
Base Score | 7.5 | Environmental Score | 7.5 |
Impact Subscore | 3.6 | Temporal Score | 7.5 |
Exploitability Subscore | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | None | Availability Impact | None |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13915 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
50 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Sources (Detail)
Source | Url |
---|---|
MISC | https://github.com/b3log/wide/issues/355 |
Alert History
Date | Information |
---|---|
2021-05-04 13:23:17 | |
2021-04-22 02:38:14 | |
2020-09-03 01:25:36 | |
2020-05-23 02:24:45 | |
2019-07-25 21:19:35 | |
2019-07-18 21:21:05 | |