CVE-2019-12276 — HIGH (7.5)

Vulnerability Description

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Grandnode	Grandnode	4.40

Related Weaknesses (CWE)

CWE-22

References

http://packetstormsecurity.com/files/153373/GrandNode-4.40-Path-Traversal-File-D
https://github.com/grandnode/grandnodeThird Party Advisory
https://grandnode.comVendor Advisory
http://packetstormsecurity.com/files/153373/GrandNode-4.40-Path-Traversal-File-D
https://github.com/grandnode/grandnodeThird Party Advisory
https://grandnode.comVendor Advisory

FAQ

What is CVE-2019-12276?

CVE-2019-12276 is a vulnerability with a CVSS score of 7.5 (HIGH). A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server...

How severe is CVE-2019-12276?

CVE-2019-12276 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12276?

Check the references section above for vendor advisories and patch information. Affected products include: Grandnode Grandnode.