CVE-2019-7305 MEDIUM

CVE-2019-7305: eXtplorer exposes /usr and /etc/extplorer over HTTP

Vendor Canonical

Product eXtplorer

Weakness CWE-200 · Info exposure

Published April 9, 2020

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian

Key dates

02Disclosure timeline

April 9, 2020 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-7305 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2019-7305

CWE CWE-200

CVSS 5.8 / MEDIUM

Affected versions