In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NTgstation13 Tgstation Server
APPTgstation134.4.04.4.1
Powiązane podatności
In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allow...
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to author...
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users ...
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12....
TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was register...