admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-12 02:04:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2008/CVE-2008-41xx/CVE-2008-4129.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

216 lines
6.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2008-4129",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-09-18T20:00:00.577",
"lastModified": "2024-11-21T00:50:58.133",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
},
{
"lang": "es",
"value": "Gallery, versiones anteriores a 1.5.9, y 2.x y versiones anteriores a 2.2.6, no trata adecuadamente archivos ZIP que contienen enlaces simb\u00f3licos, el cual permite a los usuarios remotos autentificados manejar los ataques de salto de directorio y leer archivos arbitrariamente a trav\u00e9s de vectores relativos a el fichero cargado funcionalmente (alias zip cargado)."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.5",
"matchCriteriaId": "F63EDF9A-1818-41D4-96EF-DFF61994C27F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD2DDED-A01D-4026-B8C3-0DA916466D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D400C30B-BD93-4419-BEC2-24A470F5E473"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8180C4E9-EFC9-438C-AAAF-B09B838CA17E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2ED9F1B-D3BD-42BA-8300-6A719A577F7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A821D29-75FA-4A6D-BE1A-D11906FA188D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.8",
"matchCriteriaId": "B2630CD9-31D8-4E24-B518-03D94B3383B9"
}
]
}
]
}
],
"references": [
{
"url": "http://gallery.menalto.com/gallery_1.5.9_released",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://gallery.menalto.com/gallery_2.2.6_released",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://secunia.com/advisories/31912",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/32662",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/33144",
"source": "cve@mitre.org"
},
{
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/31231",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228",
"source": "cve@mitre.org"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html",
"source": "cve@mitre.org"
},
{
"url": "http://gallery.menalto.com/gallery_1.5.9_released",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://gallery.menalto.com/gallery_2.2.6_released",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://secunia.com/advisories/31912",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/32662",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/33144",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/31231",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink