Improper Preservation of Permissions in org.apache.struts:struts2-assembly

CVE-2019-0233

org.apache.struts:struts2-assembly
org.apache.struts:struts2-core
org.apache.struts:struts2-parent

High

7.5/10

Summary

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-281 - Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

Advisory
Advisory
Advisory

Advisory Timeline

Published Aug 13, 2020

Improper Preservation of Permissions in org.apache.struts:struts2-assembly

CVE-2019-0233

Summary

CWE-281 - Improper Preservation of Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS