Arbitrary File Download Vulnerability in Jeecg v3.8
CVE-2020-20948

7.5HIGH

Key Information:

Vendor

Jeecg

Status
Vendor
CVE Published:
27 December 2021

What is CVE-2020-20948?

An arbitrary file download vulnerability exists in Jeecg v3.8 that allows attackers to exploit a flaw in the 'localPath' variable. This enables unauthorized access to sensitive files on the server, posing a serious risk to data integrity and confidentiality. Attackers can manipulate the system to download files that should otherwise be restricted, which could lead to further exploitation or data leakage.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-20948 : Arbitrary File Download Vulnerability in Jeecg v3.8