CVE-2019-12276

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-12276
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12276.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-12276
Published
2019-06-05T18:29:01.090Z
Modified
2026-03-10T22:10:06.313148Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.

References

Affected packages

Git / github.com/grandnode/grandnode

Affected ranges

Type
GIT
Repo
https://github.com/grandnode/grandnode
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c2f4ebc198bad7cc4ecaef806355e1f1d1d75ff0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.40"
        }
    ]
}

Affected versions

3.*
3.70
3.80
3.80Beta
3.90
3.90Beta
4.*
4.00Beta
4.10
4.10Beta
4.20
4.20.01
4.20Beta
4.30
4.30Beta
4.40
4.40Beta

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12276.json"