Base Score

MEDIUM6.5

CVE-2018-16485

Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.

VectorNETWORK

Published Bysupport@hackerone.com

Published DateFeb 01, 2019, 18:29

Affected Versions(1)

m-server(npm)

Introduced0

Fixed1.4.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
m-server(npm)	0	1.4.1	N/A

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://hackerone.com/reports/319795

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE