CVE-2018-11798

ADVISORY - github

Summary

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.

EPSS Score⁠: 0.00402 (0.608)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-538⁠

Insertion of Sensitive Information into Externally-Accessible File or Directory

ADVISORY - github

CWE-538⁠

Insertion of Sensitive Information into Externally-Accessible File or Directory

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-538⁠

Insertion of Sensitive Information into Externally-Accessible File or Directory

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-284⁠

Improper Access Control

Impacted images

Advisories

NIST

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2018-11798⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-538⁠

CVSS SCORE

6.5medium

GitHub

CREATED

7 years ago

UPDATED

3 years ago

ADVISORY IDGHSA-vx85-mj8c-4qm6⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-538⁠

CVSS SCORE

6.5medium

Debian

CREATED

7 years ago

UPDATED

8 days ago

ADVISORY IDCVE-2018-11798⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2018-11798⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.5low

GitLab

CREATED

7 years ago

UPDATED

5 years ago

ADVISORY ID

CVE-2018-11798

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-538⁠CWE-937⁠

CVSS SCORE

6.5medium

Red Hat

CREATED

8 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2018-11798⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠CWE-284⁠

CVSS SCORE

7.5high

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-8mwp-6xpm-4x8f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-pmq8-4h9g-36mm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY