Security Advisories¶
CV-2020080101¶
Date |
2020.08.01 |
|---|---|
Affected Versions |
3.0 < 3.0.27 |
Vulnerability Type |
RCE |
Risk |
Medium |
Description |
Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25802 |
CV-2020080102¶
Date |
2020.08.01 |
|---|---|
Affected Versions |
3.0 < 3.0.27 |
Vulnerability Type |
RCE |
Risk |
Medium |
Description |
Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25803 |
CV-2018120601¶
Date |
2018.12.06 |
|---|---|
Affected Versions |
3.0 < 3.0.19 |
Vulnerability Type |
RCE |
Risk |
Medium |
Description |
Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via FreeMarker templates. |
CVE |
CV-2017061501¶
Date |
2017.06.15 |
|---|---|
Affected Versions |
3.0 < 3.0.1 |
Vulnerability Type |
IDOR |
Risk |
High |
Description |
An IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15680 |
CV-2017061502¶
Date |
2017.06.15 |
|---|---|
Affected Versions |
3.0 < 3.0.1 |
Vulnerability Type |
Directory Traversal |
Risk |
Critical |
Description |
A directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15681 |
CV-2017061503¶
Date |
2017.06.15 |
|---|---|
Affected Versions |
3.0 < 3.0.1 |
Vulnerability Type |
Stored XSS |
Risk |
High |
Description |
An unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15682 |
CV-2017061504¶
Date |
2017.06.15 |
|---|---|
Affected Versions |
3.0 < 3.0.1 |
Vulnerability Type |
XXE |
Risk |
High |
Description |
An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15683 |
CV-2017061505¶
Date |
2017.06.15 |
|---|---|
Affected Versions |
3.0 < 3.0.1 |
Vulnerability Type |
Directory Traversal |
Risk |
High |
Description |
A directory traversal vulnerability exists which allows unauthenticated attackers to view files from the operating system. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15684 |
CV-2017061506¶
Date |
2017.06.15 |
|---|---|
Affected Versions |
3.0 < 3.0.1 |
Vulnerability Type |
XXE |
Risk |
High |
Description |
An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15685 |
CV-2017061507¶
Date |
2017.06.15 |
|---|---|
Affected Versions |
3.0 < 3.0.1 |
Vulnerability Type |
Reflected XSS |
Risk |
Medium |
Description |
A reflected XSS vulnerability exists which allows remote attackers to steal users’ cookies resulting in them hijacking their session. |
CVE |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15686 |