CVE-2018-3715 — Path Traversal in Project Glance

CWE-22 — Path Traversal6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 46.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glance Project Glance Hackerone Glance Node Module

Timeline

PublishedJun 7

Latest updateFeb 13

Description

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5hackerone/glance_node_moduleVersions before 3.0.4

▶CVEListV5glance_project/glance< 3.0.9

▶NVDglance_project/glance< 3.0.4

▶npmglance_project/glance< 3.0.4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Path traversal vulnerability in glance↗2023-02-13

▶

OSV

Path Traversal in glance↗2018-07-26

▶

GHSA

Path Traversal in glance↗2018-07-26

▶

CVEList

CVE-2018-3715: glance node module before 3↗2018-06-07

▶

💬Community

Bugzilla

CVE-2016-6319 foreman: Persistent XSS in Foreman remote execution plugin↗2016-08-10

▶