Vulnerabilites related to static-resource-server_project - static-resource-server
CVE-2018-16493 (GCVE-0-2018-16493)
Vulnerability from cvelistv5
Published
2019-02-01 18:00
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-548 - Information Exposure Through Directory Listing ()
Summary
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
HackerOne | static-resource-server |
Version: 1.7.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:24:32.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/432600" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "static-resource-server", "vendor": "HackerOne", "versions": [ { "status": "affected", "version": "1.7.2" } ] } ], "datePublic": "2019-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-548", "description": "Information Exposure Through Directory Listing (CWE-548)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-01T17:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/432600" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2018-16493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "static-resource-server", "version": { "version_data": [ { "version_value": "1.7.2" } ] } } ] }, "vendor_name": "HackerOne" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Exposure Through Directory Listing (CWE-548)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/432600", "refsource": "MISC", "url": "https://hackerone.com/reports/432600" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2018-16493", "datePublished": "2019-02-01T18:00:00", "dateReserved": "2018-09-04T00:00:00", "dateUpdated": "2024-08-05T10:24:32.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-02-01 18:29
Modified
2024-11-21 03:52
Severity ?
Summary
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
References
▶ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://hackerone.com/reports/432600 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/432600 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
static-resource-server_project | static-resource-server | 1.7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:static-resource-server_project:static-resource-server:1.7.2:*:*:*:*:node.js:*:*", "matchCriteriaId": "9EB605E4-3FEE-4AEE-A13F-A8768E8CC01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de salto de directorio en el m\u00f3dulo static-resource-server, en su versi\u00f3n 1.7.2, que permite el acceso de lectura no autorizado a cualquier archivo en el servidor, anexando barras en la URL." } ], "id": "CVE-2018-16493", "lastModified": "2024-11-21T03:52:51.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-01T18:29:01.160", "references": [ { "source": "support@hackerone.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/432600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/432600" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-548" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }