zrlog v2.1.0 has a vulnerability in its permission check. While an admin account is logged in, other unauthorized users can download the database backup file directly.
References
| Link | Resource |
|---|---|
| https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba | Patch, Third Party Advisory |
| https://github.com/94fzb/zrlog/issues/48 | Issue Tracking, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-25T21:46:12
Updated: 2020-08-25T21:46:12
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-19005
NVD Information
Status: Analyzed
Published: 2020-08-25T22:15:11.537
Modified: 2020-09-03T15:11:25.853
Link: CVE-2020-19005
Redhat Information
No data.
CWE