Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Sep 2024 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 |
Thu, 05 Sep 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. |
Weaknesses | CWE-73 |
MITRE
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2024-02-07T02:50:42.355Z
Updated: 2024-09-05T22:16:57.098Z
Reserved: 2024-01-24T02:36:01.693Z
Link: CVE-2024-0849
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-07T03:15:50.083
Modified: 2024-09-05T23:15:11.673
Link: CVE-2024-0849
Redhat
No data.