CVE-2020-13452

Description

In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.

Affected Software
References

Software	From	Fixed in
thecodingmachine / gotenberg	-	6.2.1.x

http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html
https://github.com/thecodingmachine/gotenberg/issues/199

Severity: Critical

CVE: CVE-2020-13452
Published: Jan 7, 2021
Updated: Apr 13, 2023
Exploit:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-276

CVE-2020-13452

Description

Details

CVSS v3

CVSS v2

CWEs