Vulnerability Description
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Kura | <= 4.0.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107844 (Third Party Advisory, VDB Entry)
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2019-10242?
CVE-2019-10242 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types.
How severe is CVE-2019-10242?
CVE-2019-10242 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-10242?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Kura.