Lucene search

GitHub Advisory DatabaseGHSA-C5VW-342H-X5RX

HistoryMay 01, 2022 - 7:13 a.m.

Alkacon OpenCms Exposes JSP Source Code

2022-05-0107:13:46

CWE-200

GitHub Advisory Database

github.com

alkacon

opencms

jsp

source code

remote authenticated users

resource parameter

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

67.8%

JSON

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

Affected configurations

Vulners

Node

org.opencmsopencms-coreRange<6.2.2

VendorProductVersionCPE
org.opencmsopencms-core*cpe:2.3:a:org.opencms:opencms-core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.opencms	opencms-core	*	cpe:2.3:a:org.opencms:opencms-core::::::::

References

www.opencms.org/opencms/en/shownews.html?id=1002

exchange.xforce.ibmcloud.com/vulnerabilities/28001

github.com/advisories/GHSA-c5vw-342h-x5rx

nvd.nist.gov/vuln/detail/CVE-2006-3936

web.archive.org/web/20061014175017/o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt

web.archive.org/web/20201208142708/www.securityfocus.com/archive/1/441182/100/0/threaded

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

67.8%

JSON

Related for GHSA-C5VW-342H-X5RX