Description

A Path Traversal vulnerability in LetsEncryptController in GrandNode allows an unauthenticated attacker to retrieve arbitrary files on the web server.

Remediation

Upgrade to the latest version of Grandnode

References

Grandnode Path Traversal

Related Vulnerabilities

MySQL CVE-2020-14830 Vulnerability (CVE-2020-14830)

Squid Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-46846)

Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6562)

Oracle JRE CVE-2019-2964 Vulnerability (CVE-2019-2964)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4939)

Severity

High

Classification

CVE-2019-12276 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Known Vulnerabilities