Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
References
Link | Resource |
---|---|
https://Ardent-Security.com | Third Party Advisory |
https://ardent-security.com/en/advisory/asa-2021-03/ | Third Party Advisory |
https://Ardent-Security.com | Third Party Advisory |
https://ardent-security.com/en/advisory/asa-2021-03/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://Ardent-Security.com - Third Party Advisory | |
References | () https://ardent-security.com/en/advisory/asa-2021-03/ - Third Party Advisory |
Information
Published : 2022-02-04 19:15
Updated : 2024-11-21 06:01
NVD link : CVE-2021-29395
Mitre link : CVE-2021-29395
CVE.ORG link : CVE-2021-29395
JSON object : View
Products Affected
globalnorthstar
- northstar_club_management
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')