CVE-2019-10242

Summary

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Kuraunspecified <= 4.0.0affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References