[NMS-13832] CVE-2021-28164: access to WEB-INF - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: Meridian-2019.1.25, Meridian-2020.1.14, Meridian-2021.1.6, 29.0.1
Fix Version/s: Meridian-2018.1.32, Meridian-2019.1.26, Meridian-2020.1.15, Meridian-2021.1.7, 29.0.2
Component/s: Web UI - General
Security Level: Default (Default Security Scheme)
Labels:
None

Description

A new variation on CVE-2021-28164 / GHSA-v7ff-8wcx-gmc5 has been found that could expose the contents of the WEB-INF directory, which is obviously bad.

Attachments

Activity

People

Assignee:: Benjamin Reed

Reporter:: Benjamin Reed

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Dec/21 3:20 PM

Updated:: 15/Dec/21 10:11 PM

Resolved:: 07/Dec/21 3:53 PM