CVE-2020-16136

Source
https://cve.org/CVERecord?id=CVE-2020-16136
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-16136.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-16136
Related
  • GHSA-r8pp-42wr-2gc4
Published
2020-07-31T16:15:11.120Z
Modified
2026-02-04T02:23:14.541358Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
[none]
Details

In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however.

References

Affected packages

Git / github.com/tgstation/tgstation-server

Affected ranges

Type
GIT
Repo
https://github.com/tgstation/tgstation-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

api-v5.*
api-v5.0.0
api-v5.0.1
api-v6.*
api-v6.0.0
api-v6.1.0
api-v6.2.0
api-v6.3.0
api-v6.4.0
api-v6.4.1
api-v6.5.0
api-v6.5.1
api-v6.6.0
api-v7.*
api-v7.0.0
api-v7.0.1
dmapi-v5.*
dmapi-v5.0.0
dmapi-v5.1.0
dmapi-v5.1.1
dmapi-v5.2.0
dmapi-v5.2.1
dmapi-v5.2.2
tgstation-server-v3.*
tgstation-server-v3.0.78.0
tgstation-server-v3.0.79.0
tgstation-server-v3.0.80.0
tgstation-server-v3.0.81.0
tgstation-server-v3.0.82.0
tgstation-server-v3.0.83.0
tgstation-server-v3.0.84.0
tgstation-server-v3.0.85.0
tgstation-server-v3.0.85.2
tgstation-server-v3.0.85.3
tgstation-server-v3.0.85.4
tgstation-server-v3.0.86.0
tgstation-server-v3.0.87.0
tgstation-server-v3.0.88.0
tgstation-server-v3.0.89.0
tgstation-server-v3.0.90.0
tgstation-server-v3.0.90.1
tgstation-server-v3.0.90.2
tgstation-server-v3.1.0.1
tgstation-server-v3.1.0.2
tgstation-server-v3.1.0.3
tgstation-server-v3.1.0.4
tgstation-server-v3.1.0.5
tgstation-server-v3.1.0.6
tgstation-server-v3.1.0.7
tgstation-server-v3.1.0.8
tgstation-server-v3.1.1.0
tgstation-server-v3.1.2.0
tgstation-server-v3.1.2.1
tgstation-server-v3.1.2.2
tgstation-server-v3.1.3.0
tgstation-server-v3.1.3.1
tgstation-server-v3.1.3.2
tgstation-server-v3.1.4.0
tgstation-server-v3.1.4.1
tgstation-server-v3.1.5.0
tgstation-server-v3.1.5.1
tgstation-server-v3.1.6.0
tgstation-server-v3.1.6.1
tgstation-server-v3.1.6.2
tgstation-server-v3.1.6.3
tgstation-server-v3.1.6.4
tgstation-server-v3.1.6.5
tgstation-server-v3.1.6.6
tgstation-server-v3.2.0.0
tgstation-server-v3.2.0.1
tgstation-server-v3.2.0.10
tgstation-server-v3.2.0.11
tgstation-server-v3.2.0.12
tgstation-server-v3.2.0.13
tgstation-server-v3.2.0.14
tgstation-server-v3.2.0.15
tgstation-server-v3.2.0.16
tgstation-server-v3.2.0.17
tgstation-server-v3.2.0.2
tgstation-server-v3.2.0.3
tgstation-server-v3.2.0.4
tgstation-server-v3.2.0.5
tgstation-server-v3.2.0.6
tgstation-server-v3.2.0.7
tgstation-server-v3.2.0.8
tgstation-server-v3.2.0.9
tgstation-server-v3.2.1.0
tgstation-server-v3.2.1.1
tgstation-server-v3.2.1.10
tgstation-server-v3.2.1.11
tgstation-server-v3.2.1.12
tgstation-server-v3.2.1.13
tgstation-server-v3.2.1.14
tgstation-server-v3.2.1.15
tgstation-server-v3.2.1.2
tgstation-server-v3.2.1.3
tgstation-server-v3.2.1.4
tgstation-server-v3.2.1.5
tgstation-server-v3.2.1.6
tgstation-server-v3.2.1.7
tgstation-server-v3.2.1.8
tgstation-server-v3.2.1.9
tgstation-server-v3.2.2.0
tgstation-server-v3.2.2.1
tgstation-server-v3.2.2.2
tgstation-server-v3.2.2.3
tgstation-server-v3.2.2.4
tgstation-server-v3.2.3.0
tgstation-server-v3.2.3.2
tgstation-server-v3.2.3.3
tgstation-server-v3.2.3.4
tgstation-server-v3.2.3.5
tgstation-server-v3.2.3.6
tgstation-server-v3.2.3.7
tgstation-server-v4.*
tgstation-server-v4.0.0.0
tgstation-server-v4.0.0.1
tgstation-server-v4.0.0.2
tgstation-server-v4.0.0.3
tgstation-server-v4.0.0.4
tgstation-server-v4.0.0.5
tgstation-server-v4.0.0.6
tgstation-server-v4.0.1.0
tgstation-server-v4.0.1.1
tgstation-server-v4.0.1.2
tgstation-server-v4.0.1.3
tgstation-server-v4.0.1.4
tgstation-server-v4.0.2.0
tgstation-server-v4.0.2.1
tgstation-server-v4.1.0
tgstation-server-v4.1.1
tgstation-server-v4.1.2
tgstation-server-v4.1.3
tgstation-server-v4.1.4
tgstation-server-v4.2.0
tgstation-server-v4.2.1
tgstation-server-v4.2.2
tgstation-server-v4.2.3
tgstation-server-v4.2.4
tgstation-server-v4.2.5
tgstation-server-v4.2.6
tgstation-server-v4.2.7
tgstation-server-v4.2.8
tgstation-server-v4.3.0
tgstation-server-v4.3.1
tgstation-server-v4.3.2
tgstation-server-v4.3.3
tgstation-server-v4.3.4
tgstation-server-v4.3.5
tgstation-server-v4.3.6
tgstation-server-v4.4.0
tgstation-server-v4.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-16136.json"