Exposure of Information Through Directory Listing

CVE-2020-7858

Medium

6.8/10

Summary

There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-548 - Exposure of Information Through Directory Listing

A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.

References

Advisory Timeline

Published Apr 22, 2021

Exposure of Information Through Directory Listing

CVE-2020-7858

Summary

CWE-548 - Exposure of Information Through Directory Listing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS