Tgstation13 - Tgstation-server CVE

Filtered by vendor Tgstation13 Subscribe

Filtered by product Tgstation-server

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-16136	1 Tgstation13	1 Tgstation-server	2021-07-21	6.8 MEDIUM	7.7 HIGH
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however.

Vulnerabilities (CVE)