CVE-2014-2857

Published: Apr 15, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5.

Affected (38)

Products: Gopivotal: Grails Resources, Grails

Gopivotal

2 products

Grails Resources

Grails

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Gopivotal Grails Resources	Version 1.0.0
Gopivotal Grails Resources	Version 1.0.2
Gopivotal Grails Resources	Version 1.1.0
Gopivotal Grails Resources	Version 1.1.1
Gopivotal Grails Resources	Version 1.1.2
Gopivotal Grails Resources	Version 1.1.4
Gopivotal Grails Resources	Version 1.1.5
Gopivotal Grails Resources	Version 1.1.6
Gopivotal Grails Resources	Version 1.2.0
Gopivotal Grails Resources	Version 1.2.1
Gopivotal Grails Resources	Version 1.2.2
Gopivotal Grails Resources	Version 1.2.3
Gopivotal Grails Resources	Version 1.2.4
Gopivotal Grails Resources	Version 1.2.5
Gopivotal Grails	Version 2.0.0
Gopivotal Grails	Version 2.0.1
Gopivotal Grails	Version 2.0.2
Gopivotal Grails	Version 2.0.3
Gopivotal Grails	Version 2.0.4
Gopivotal Grails	Version 2.1.0
Gopivotal Grails	Version 2.1.1
Gopivotal Grails	Version 2.1.2
Gopivotal Grails	Version 2.1.3
Gopivotal Grails	Version 2.1.4
Gopivotal Grails	Version 2.1.5
Gopivotal Grails	Version 2.2.0
Gopivotal Grails	Version 2.2.1
Gopivotal Grails	Version 2.2.2
Gopivotal Grails	Version 2.2.3
Gopivotal Grails	Version 2.2.4
Gopivotal Grails	Version 2.2.5
Gopivotal Grails	Version 2.3.0
Gopivotal Grails	Version 2.3.1
Gopivotal Grails	Version 2.3.2
Gopivotal Grails	Version 2.3.3
Gopivotal Grails	Version 2.3.4
Gopivotal Grails	Version 2.3.5
Gopivotal Grails	Version 2.3.6