Security Advisory

CVE-2018-11789

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-18 14:15:31

Last updated 2024-08-05 08:17:09

Assigner apache

State PUBLISHED

Description

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.

← Browse all CVEs View on cve.org ↗