GHSA-r28m-g6j9-r2h5

Source

https://github.com/advisories/GHSA-r28m-g6j9-r2h5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-r28m-g6j9-r2h5/GHSA-r28m-g6j9-r2h5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r28m-g6j9-r2h5

Aliases

CVE-2019-10246

Published

2019-04-23T16:07:18Z

Modified

2024-02-16T08:10:20.837486Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Information Exposure vulnerability in Eclipse Jetty

Details

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.

Database specific

{
    "nvd_published_at": "2019-04-22T20:29:00Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-213"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2019-04-23T16:03:54Z"
}

References

Affected packages

Maven / org.eclipse.jetty:jetty-server

Package

Name: org.eclipse.jetty:jetty-server; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.2.0

Fixed

9.2.28.v20190418

Affected versions

9.*

9.2.0.v20140526

9.2.1.v20140609

9.2.2.v20140723

9.2.3.v20140905

9.2.4.v20141103

9.2.5.v20141112

9.2.6.v20141205

9.2.7.v20150116

9.2.8.v20150217

9.2.9.v20150224

9.2.10.v20150310

9.2.11.M0

9.2.11.v20150529

9.2.12.M0

9.2.12.v20150709

9.2.13.v20150730

9.2.14.v20151106

9.2.15.v20160210

9.2.16.v20160414

9.2.17.v20160517

9.2.18.v20160721

9.2.19.v20160908

9.2.20.v20161216

9.2.21.v20170120

9.2.22.v20170606

9.2.23.v20171218

9.2.24.v20180105

9.2.25.v20180606

9.2.26.v20180806

9.2.27.v20190403

Database specific

{
    "last_known_affected_version_range": "<= 9.2.27.v20190403"
}

Maven / org.eclipse.jetty:jetty-server

Package

Name: org.eclipse.jetty:jetty-server; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.3.0

Fixed

9.3.27.v20190418

Affected versions

9.*

9.3.0.v20150612

9.3.1.v20150714

9.3.2.v20150730

9.3.3.v20150827

9.3.4.RC0

9.3.4.RC1

9.3.4.v20151007

9.3.5.v20151012

9.3.6.v20151106

9.3.7.RC0

9.3.7.RC1

9.3.7.v20160115

9.3.8.RC0

9.3.8.v20160314

9.3.9.M0

9.3.9.M1

9.3.9.v20160517

9.3.10.M0

9.3.10.v20160621

9.3.11.M0

9.3.11.v20160721

9.3.12.v20160915

9.3.13.M0

9.3.13.v20161014

9.3.14.v20161028

9.3.15.v20161220

9.3.16.v20170120

9.3.17.RC0

9.3.17.v20170317

9.3.18.v20170406

9.3.19.v20170502

9.3.20.v20170531

9.3.21.M0

9.3.21.RC0

9.3.21.v20170918

9.3.22.v20171030

9.3.23.v20180228

9.3.24.v20180605

9.3.25.v20180904

9.3.26.v20190403

Database specific

{
    "last_known_affected_version_range": "<= 9.3.26.v20190403"
}

Maven / org.eclipse.jetty:jetty-server

Package

Name: org.eclipse.jetty:jetty-server; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.4.0

Fixed

9.4.17.v20190418

Affected versions

9.*

9.4.0.v20161208

9.4.0.v20180619

9.4.1.v20170120

9.4.1.v20180619

9.4.2.v20170220

9.4.2.v20180619

9.4.3.v20170317

9.4.3.v20180619

9.4.4.v20170414

9.4.4.v20180619

9.4.5.v20170502

9.4.5.v20180619

9.4.6.v20170531

9.4.6.v20180619

9.4.7.RC0

9.4.7.v20170914

9.4.7.v20180619

9.4.8.v20171121

9.4.8.v20180619

9.4.9.v20180320

9.4.10.RC0

9.4.10.RC1

9.4.10.v20180503

9.4.11.v20180605

9.4.12.RC0

9.4.12.RC1

9.4.12.RC2

9.4.12.v20180830

9.4.13.v20181111

9.4.14.v20181114

9.4.15.v20190215

9.4.16.v20190411

Database specific

{
    "last_known_affected_version_range": "<= 9.4.16.v20190411"
}