Search
Find a vulnerability
Search criteria
2 vulnerabilities found for eXtplorer by Canonical
CVE-2019-7305 (GCVE-0-2019-7305)
Vulnerability from nvd – Published: 2020-04-09 23:50 – Updated: 2024-09-17 03:12
VLAI
Title
eXtplorer exposes /usr and /etc/extplorer over HTTP
Summary
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian
Severity
5.8 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://launchpad.net/bugs/1822013 | x_refsource_MISC |
Impacted products
Date Public
2019-03-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1822013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eXtplorer",
"vendor": "Canonical",
"versions": [
{
"lessThanOrEqual": "2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:50:11.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.net/bugs/1822013"
}
],
"source": {
"defect": [
"https://launchpad.net/bugs/1822013"
],
"discovery": "EXTERNAL"
},
"title": "eXtplorer exposes /usr and /etc/extplorer over HTTP",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-03-27T13:15:00.000Z",
"ID": "CVE-2019-7305",
"STATE": "PUBLIC",
"TITLE": "eXtplorer exposes /usr and /etc/extplorer over HTTP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eXtplorer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.1.0",
"version_value": "2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1"
},
{
"version_affected": "\u003c=",
"version_name": "2.1.0",
"version_value": "2.1.0b6+dfsg.3-4+deb7u5build0.14.04.1 +1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1822013",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/1822013"
}
]
},
"source": {
"defect": [
"https://launchpad.net/bugs/1822013"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-7305",
"datePublished": "2020-04-09T23:50:11.945Z",
"dateReserved": "2019-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:12:40.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7305 (GCVE-0-2019-7305)
Vulnerability from cvelistv5 – Published: 2020-04-09 23:50 – Updated: 2024-09-17 03:12
VLAI
Title
eXtplorer exposes /usr and /etc/extplorer over HTTP
Summary
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian
Severity
5.8 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://launchpad.net/bugs/1822013 | x_refsource_MISC |
Impacted products
Date Public
2019-03-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1822013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eXtplorer",
"vendor": "Canonical",
"versions": [
{
"lessThanOrEqual": "2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:50:11.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.net/bugs/1822013"
}
],
"source": {
"defect": [
"https://launchpad.net/bugs/1822013"
],
"discovery": "EXTERNAL"
},
"title": "eXtplorer exposes /usr and /etc/extplorer over HTTP",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-03-27T13:15:00.000Z",
"ID": "CVE-2019-7305",
"STATE": "PUBLIC",
"TITLE": "eXtplorer exposes /usr and /etc/extplorer over HTTP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eXtplorer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.1.0",
"version_value": "2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1"
},
{
"version_affected": "\u003c=",
"version_name": "2.1.0",
"version_value": "2.1.0b6+dfsg.3-4+deb7u5build0.14.04.1 +1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1822013",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/1822013"
}
]
},
"source": {
"defect": [
"https://launchpad.net/bugs/1822013"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-7305",
"datePublished": "2020-04-09T23:50:11.945Z",
"dateReserved": "2019-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:12:40.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}