GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-27T19:07:12
Updated: 2024-08-04T17:09:15.193Z
Reserved: 2020-12-27T00:00:00
Link: CVE-2020-35736
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-12-27T20:15:12.400
Modified: 2020-12-29T20:50:23.023
Link: CVE-2020-35736
Redhat
No data.