CVE-2020-23995

Published: May 13, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.

Affected (2)

Products: Ilias: Ilias

Ilias

1 product

Ilias

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ilias Ilias	Before 5.3.19
Ilias Ilias	From 5.4.0 to 5.4.12

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (10)

https://cwe.mitre.org/data/definitions/209.html

Source: cve@mitre.org

Technical Description

https://docu.ilias.de/goto_docu_pg_118817_35.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://docu.ilias.de/goto_docu_pg_122177_35.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://docu.ilias.de/goto_docu_pg_124761_35.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/ILIAS-eLearning/ILIAS/commit/94d9b16010ec3abeae8d2cbb05622ccd999119ad

Source: cve@mitre.org

PatchThird Party Advisory

https://cwe.mitre.org/data/definitions/209.html