A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-05T17:30:01
Updated: 2024-08-04T23:17:38.865Z
Reserved: 2019-05-22T00:00:00
Link: CVE-2019-12276
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-05T18:29:01.090
Modified: 2019-06-24T23:15:11.473
Link: CVE-2019-12276
Redhat
No data.