Description

A Path Traversal vulnerability in LetsEncryptController in GrandNode allows an unauthenticated attacker to retrieve arbitrary files on the web server.

Remediation

Upgrade to the latest version of Grandnode

References

Grandnode Path Traversal

Related Vulnerabilities

Liferay Portal Missing Authorization Vulnerability (CVE-2023-3426)

MySQL CVE-2024-21061 Vulnerability (CVE-2024-21061)

Envoy Proxy Reachable Assertion Vulnerability (CVE-2021-29258)

phpMyAdmin Other Vulnerability (CVE-2005-2869)

MediaWiki CVE-2023-36674 Vulnerability (CVE-2023-36674)

Severity

High

Classification

CVE-2019-12276 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Known Vulnerabilities