CVE-2019-14671

Published: Aug 5, 2019Modified: Nov 21, 2024

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.

Affected (1)

Products: Firefly Iii: Firefly Iii

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Firefly Iii Firefly Iii	Version 4.7.17.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/firefly-iii/firefly-iii/issues/2367

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/firefly-iii/firefly-iii/issues/2367

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.