CVE-2019-0225

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

Published: Mar 28, 2019
Updated: Nov 8, 2023
CVE: CVE-2019-0225
GHSA: GHSA-pffw-p2q5-w6vh
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
apache / jspwiki	2.11.0-milestone1-rc1	2.11.0-milestone1-rc1.x
apache / jspwiki	2.11.0-milestone1-rc2	2.11.0-milestone1-rc2.x
apache / jspwiki	2.11.0-milestone1-rc3	2.11.0-milestone1-rc3.x
apache / jspwiki	2.11.0-milestone2-rc1	2.11.0-milestone2-rc1.x
apache / jspwiki	2.11.0-milestone2	2.11.0-milestone2.x
apache / jspwiki	2.11.0	2.11.0.x
apache / jspwiki	2.9.0	2.11.0
org.apache.jspwiki / jspwiki-war	2.9.0	2.11.0.M3

http://www.openwall.com/lists/oss-security/2019/03/26/2
http://www.securityfocus.com/bid/107627
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225
https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9%40%3Cuser.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831%40%3Cdev.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E

Vulnerability Database

290,018

CVE-2019-0225