Home > Vulnerability Database > WS-2020-0336

Mend.io Vulnerability Database

WS-2020-0336

Good to know:

Date: January 8, 2020

There's an security issue in prosody-filer before version 1.0.1 which leads to unwanted directory listings of download directories. An attacker is able to list previous uploads of a certain user by shortening the URL and accessing a URL subdirectors other than /upload/ (or the corresponding user defined root dir) Version 1.0.1 and later fix this problem and allow only direct file access if the full path is known. Directory listings are blocked entirely.

Language: Go

Severity Score

5.8

Related Resources (2)

Url: https://github.com/ThomasLeister/prosody-filer/commit/7dff0209f563414ced7584120dd7070ce2044155

Url: https://www.mend.io/vulnerability-database/WS-2020-0336

Severity Score

5.8

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version 1.0.1

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2020-0336

Good to know:

Date: January 8, 2020

Language: Go

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?