Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN26393529/index.html | Vendor Advisory |
http://cs.cybozu.co.jp/information/gr20140225up05.php | Vendor Advisory |
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023 | Vendor Advisory |
https://support.cybozu.com/ja-jp/article/7994 | Vendor Advisory |
http://www.securityfocus.com/bid/65815 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2014-02-26 17:55
Updated : 2015-08-13 10:53
NVD link : CVE-2014-0820
Mitre link : CVE-2014-0820
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
cybozu
- garoon