Lucene search

[email protected]NVD:CVE-2021-20876

HistoryDec 24, 2021 - 7:15 a.m.

CVE-2021-20876

2021-12-2407:15:06

CWE-22

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

55.6%

JSON

Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site’s server via unspecified vectors.

Affected configurations

NVD

Node

groupsessiongroupsessionRange≤5.1.1cloud

groupsessiongroupsessionRange≤5.1.1free

groupsessiongroupsessionRange≤5.1.1zion

References

groupsession.jp/info/info-news/security20211220

jvn.jp/en/jp/JVN79798166/index.html

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

55.6%

JSON

Related for NVD:CVE-2021-20876

cvelist1 cve1 prion1 jvn1