UBUNTU-CVE-2019-7305

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-7305

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-7305.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-7305

Upstream

CVE-2019-7305

Published

2020-04-10T00:15:00Z

Modified

2025-10-24T04:47:29Z

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian

References

Affected packages

Ubuntu:16.04:LTS / extplorer

Package

Name: extplorer
Purl: pkg:deb/ubuntu/extplorer@2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.0b6+dfsg.3-4+deb7u1

2.1.0b6+dfsg.3-4+deb7u1ubuntu1

2.1.0b6+dfsg.3-4+deb7u3ubuntu0.1

2.1.0b6+dfsg.3-4+deb7u4ubuntu0.16.04.1

2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "extplorer",
            "binary_version": "2.1.0b6+dfsg.3-4+deb7u5ubuntu0.16.04.1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-7305.json"