CVE-2018-11789

Summary

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.

Affected Software

VendorProductVersion RangeStatus
n/aApache Incubator HeronApache Incubator Heron 0.13.0 to 0.17.8affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References