Path Traversal Vulnerability in Static Resource Server by Vendor
CVE-2018-16493

7.5HIGH

Key Information:

Vendor: Hackerone
Status: Static-resource-server
Vendor: CVE Published:; 1 February 2019

What is CVE-2018-16493?

A path traversal vulnerability exists in the Static Resource Server module version 1.7.2, which allows attackers to gain unauthorized access to files on the server. By manipulating the URL with appended slashes, an attacker can exploit this vulnerability to read sensitive data stored on the server, potentially leading to further compromises.

Affected Version(s)

static-resource-server 1.7.2

References

https://hackerone.com/reports/432600

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2019
Vulnerability Reserved
Sep 4, 2018

Hackerone

What is CVE-2018-16493?

Affected Version(s)

References

CVSS V3.1

Timeline