NVD:CVE-2020-21527
Sep 30, 2020 - 6:15 p.m.

CVE-2020-21527

2020-09-30 18:15:24
CWE-22
web.nvd.nist.gov
arbitrary file deletion
vulnerability
halo v1.1.3
backup function
directory traversal
system files

CVSS2: 8.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS3: 7.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

EPSS: 0.001
Percentile: 26.9%

There is an arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any file on the system through directory traversal.

Affected configurations

Nvd
Node: halo halo Match 1.1.3
Vendor: halo
Product: halo
Version: 1.1.3
CPE: cpe:2.3:a:halo:halo:1.1.3:*:*:*:*:*:*:*
