diff options
Diffstat (limited to 'old/groupfolders/nc-sa-2020-017.json')
-rw-r--r-- | old/groupfolders/nc-sa-2020-017.json | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/old/groupfolders/nc-sa-2020-017.json b/old/groupfolders/nc-sa-2020-017.json new file mode 100644 index 0000000..bbdfbd6 --- /dev/null +++ b/old/groupfolders/nc-sa-2020-017.json @@ -0,0 +1,30 @@ +{ + "Title": "Renaming an item to a protected hidden folder deletes the target", + "Timestamp": 1563192000, + "Risk": 1, + "CVSS3": { + "score": 6.8, + "vector": "AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H" + }, + "CWE": { + "id": 284, + "name": "Improper Access Control - Generic" + }, + "HackerOne": 642515, + "Affected":[ + { + "Version":"4.0.4", + "CVE":"CVE-2020-8153", + "Operator":"<" + } + ], + "Description":"Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "Francesco MORO(sinotto)", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that the Groupfolders app is upgraded to 4.0.4." +} |