CVE-2020-15124

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15124
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15124.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15124
Related
  • GHSA-7gwq-xqw3-cr63
Published
2020-07-22T18:15:11.863Z
Modified
2026-04-11T12:40:06.783300Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attackers to access files on the server via the application. This is limited to files accessible to the application server user, eg. tomcat, but can potentially lead to the disclosure of sensitive information. The vulnerability has been fixed in version 4.8.3

References

Affected packages

Git / github.com/intranda/goobi-viewer-core

Affected ranges

Type
GIT
Repo
https://github.com/intranda/goobi-viewer-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e3b995d727fc3091ffa78203c023ce04641659bc
Fixed
44ceb8e2e7e888391e8a941127171d6366770df3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.8.3"
        }
    ]
}

Affected versions

v4.*
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.4.0
v4.5.0
v4.5.1
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.8.0
v4.8.1
v4.8.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15124.json"
vanir_signatures_modified 
"2026-04-11T12:40:06Z"
vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "224140833022187430680246160732292077759",
                "31793268919990996947094421906088026833",
                "123485720058303907476753453674074582349",
                "169266538900279047058086485879275767511"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2020-15124-1dc90933",
        "signature_version": "v1",
        "source": "https://github.com/intranda/goobi-viewer-core/commit/44ceb8e2e7e888391e8a941127171d6366770df3",
        "target": {
            "file": "goobi-viewer-core/src/main/java/io/goobi/viewer/controller/DataFileTools.java"
        }
    },
    {
        "digest": {
            "length": 389.0,
            "function_hash": "203756672235332160873514900242496495877"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2020-15124-2a2ab04f",
        "signature_version": "v1",
        "source": "https://github.com/intranda/goobi-viewer-core/commit/44ceb8e2e7e888391e8a941127171d6366770df3",
        "target": {
            "function": "getDataFilePath",
            "file": "goobi-viewer-core/src/main/java/io/goobi/viewer/controller/DataFileTools.java"
        }
    }
]