Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2018-11798
Summary
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
References
Advisory Timeline
- Published