Security Advisory

CVE-2018-1299

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-02-06 19:00:00

Last updated 2024-09-16 21:07:54

Assigner apache

State PUBLISHED

Description

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.

← Browse all CVEs View on cve.org ↗