CVE-2020-19678Path Traversal in Suricata

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 23.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oisf SuricataPfsensePfsense Suricata Package
Timeline
PublishedApr 6

Description

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDoisf/suricata1.4.6
NVDpfsense/pfsense2.1.3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-x5vw-7f44-jrxq: Directory Traversal vulnerability found in Pfsense v2023-04-06
CVEList
CVE-2020-19678: Directory Traversal vulnerability found in Pfsense v2023-04-06
CVE-2020-19678 — Path Traversal in Oisf Suricata | cvebase