Path Traversal Vulnerability in GaussDB 200 by Huawei
CVE-2020-1853
6.5MEDIUM
Summary
GaussDB 200 version 6.5.1 contains a path traversal vulnerability due to inadequate input path validation. An authenticated attacker could exploit this weakness to traverse directories, allowing them to download sensitive files to designated locations. This could lead to significant information leakage, posing a risk to the integrity and confidentiality of the system.
Affected Version(s)
GaussDB 200 6.5.1
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved