CVE-2020-16136

CVE-2020-16136

In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however.

Source: CVE-2020-16136

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다