MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-asset-manager` >= 5.0.1. This issue was addressed by restricting access to files to intended directories only.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-10-11T00:00:00
Updated: 2024-08-03T12:00:44.035Z
Reserved: 2022-09-02T00:00:00
Link: CVE-2022-39296
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-10-11T18:15:10.047
Modified: 2022-10-14T01:05:43.000
Link: CVE-2022-39296
Redhat
No data.