{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-02T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-26T16:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://contao.org/en/news/contao-3_2_19.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://contao.org/en/news/contao-3_4_4.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0269", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://contao.org/en/news/contao-3_2_19.html", "refsource": "CONFIRM", "url": "https://contao.org/en/news/contao-3_2_19.html"}, {"name": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html", "refsource": "CONFIRM", "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"}, {"name": "https://contao.org/en/news/contao-3_4_4.html", "refsource": "CONFIRM", "url": "https://contao.org/en/news/contao-3_4_4.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.676Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://contao.org/en/news/contao-3_2_19.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://contao.org/en/news/contao-3_4_4.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0269", "datePublished": "2017-05-26T17:00:00.000Z", "dateReserved": "2014-11-18T00:00:00.000Z", "dateUpdated": "2024-08-06T04:03:10.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F2A2A58-FA38-4930-86E3-07239AC98EE6", "versionEndIncluding": "3.2.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:contao:contao_cms:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "560647AE-9AA0-4A9F-AF6C-81CA20C4B120", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:3.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E2D73046-F8FE-489F-850D-C01A2F20064C", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "102364AF-FC62-40D0-8318-EA2530D68F9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "342AC8F9-0F65-4901-AD0B-BFDA4EB57122", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A753375D-F536-49B5-9476-F1C6D86BDCCA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."}, {"lang": "es", "value": "La vulnerabilidad de desplazamiento de directorios en Contao en versiones anteriores a la 3.2.19, versi\u00f3n 3.4.x y anteriores a la 3.4.4, permite a usuarios remotos autenticados \"back-end\" ver archivos fuera de su sistema de archivos o la ra\u00edz de directorios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-0269", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-26T17:29:00.180", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://contao.org/en/news/contao-3_2_19.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://contao.org/en/news/contao-3_4_4.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://contao.org/en/news/contao-3_2_19.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://contao.org/en/news/contao-3_4_4.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}