Directory Traversal Vulnerability in SUSI.AI Server
CVE-2020-4039

8.6HIGH

Key Information:

Vendor

Fossasia

Vendor
CVE Published:
30 April 2021

What is CVE-2020-4039?

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted.

Affected Version(s)

susi_server <=d27ed0f

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.