Description

A Path Traversal vulnerability in LetsEncryptController in GrandNode allows an unauthenticated attacker to retrieve arbitrary files on the web server.

Remediation

Upgrade to the latest version of Grandnode

References

Grandnode Path Traversal

Related Vulnerabilities

Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)

MySQL CVE-2022-21284 Vulnerability (CVE-2022-21284)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43710)

ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204)

MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-36125)

Severity

High

Classification

CVE-2019-12276 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Known Vulnerabilities