oss-sec mailing list archives
[CVE-2020-13924] Apache Ambari Arbitrary File Download Vulnerability
From: Szabolcs Beki <szabolcs.beki () gmail com>
Date: Sun, 7 Feb 2021 12:30:19 +0100
[CVEID]:CVE-2020-13924 [PRODUCT]:Apache Ambari [VERSION]:All 2.6.x and before [PROBLEMTYPE]:Information Disclosure [REFERENCES]: https://mail-archives.apache.org/mod_mbox/ambari-user/202102.mbox/%3CCAEJYuxEQZ_aPwJdAaSxPu-Dva%3Dhc7zZUx3-pzBORbd23g%2BGH1A%40mail.gmail.com%3E [DESCRIPTION]:Malicious users can construct file names for directory traversal and traverse to other directories to download files.
Current thread:
- [CVE-2020-13924] Apache Ambari Arbitrary File Download Vulnerability Szabolcs Beki (Feb 07)