Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue.
References
Link | Resource |
---|---|
https://github.com/Linbreux/wikmd/commit/8d1f94ec86b5b6c3df8ef10051facfb511a78450 | Patch Third Party Advisory |
https://github.com/Linbreux/wikmd/security/advisories/GHSA-w4cf-92x9-v8w2 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-09-07T21:00:13
Updated: 2022-09-07T21:00:13
Reserved: 2022-07-15T00:00:00
Link: CVE-2022-36081
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-07T21:15:08.697
Modified: 2022-09-12T18:24:32.200
Link: CVE-2022-36081
JSON object: View
Redhat Information
No data.