CVE-2019-17050

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-17050

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17050.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-17050

Published

2019-09-30T19:15:08Z

Modified

2025-01-14T07:51:30.373510Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment.

References

https://github.com/the-control-group/voyager/issues/4322

Affected packages

Git / github.com/the-control-group/voyager

Affected ranges

Type: GIT
Repo: https://github.com/the-control-group/voyager
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

015c517a1e52ee93a6f83a24a601f50cb0b92cf1

Affected versions

v0.*

v0.11.14

v1.*

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7