A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.
References
Link Resource
https://github.com/sensepost/gowitness/releases/tag/2.3.6 Patch Release Notes Third Party Advisory
https://twitter.com/leonjza/status/1395283512433971202?s=19 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-09T17:45:57

Updated: 2021-06-09T17:45:57

Reserved: 2021-05-20T00:00:00


Link: CVE-2021-33359

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-06-09T18:15:08.767

Modified: 2021-06-17T15:21:45.137


Link: CVE-2021-33359

JSON object: View

cve-icon Redhat Information

No data.

CWE