zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
References
Link | Resource |
---|---|
https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba | Patch Third Party Advisory |
https://github.com/94fzb/zrlog/issues/48 | Issue Tracking Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-08-25 22:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-19005
Mitre link : CVE-2020-19005
CVE.ORG link : CVE-2020-19005
JSON object : View
Products Affected
zrlog
- zrlog
CWE
CWE-863
Incorrect Authorization