Lucene search

GitHub Advisory DatabaseGHSA-V3PX-6CC8-F8J3

HistoryMay 07, 2021 - 3:56 p.m.

Path traversal in servey

2021-05-0715:56:19

CWE-22

GitHub Advisory Database

github.com

path traversal

servey vulnerability

arbitrary file access

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.006

Percentile

79.3%

JSON

A path traversal vulnerability in servey versions prior to 3.3.2 allows an attacker to read content of any arbitrary file.

Affected configurations

Vulners

Node

servey_projectserveyRange<3.3.2node.js

VendorProductVersionCPE
servey_projectservey*cpe:2.3:a:servey_project:servey:*:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
servey_project	servey	*	cpe:2.3:a:servey_project:servey::::::node.js::*

References

github.com/advisories/GHSA-v3px-6cc8-f8j3

hackerone.com/reports/355501

nvd.nist.gov/vuln/detail/CVE-2020-8214

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.006

Percentile

79.3%

JSON

Related for GHSA-V3PX-6CC8-F8J3