CVE-2021-20876

Published: Dec 24, 2021Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.3 / Impact: 4.0

Source: NVD

Description

Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors.

Affected (3)

Products: Groupsession: Groupsession

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Groupsession Groupsession	Up to 5.1.1
Groupsession Groupsession	Up to 5.1.1
Groupsession Groupsession	Up to 5.1.1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://groupsession.jp/info/info-news/security20211220

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN79798166/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://groupsession.jp/info/info-news/security20211220

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jvn.jp/en/jp/JVN79798166/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.