When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping.
This issue affects GoAnywhere: before 7.8.0.
References
Link | Resource |
---|---|
https://www.fortra.com/security/advisories/product-security/fi-2025-004 | Vendor Advisory |
Configurations
History
10 May 2025, 00:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:* | |
References | () https://www.fortra.com/security/advisories/product-security/fi-2025-004 - Vendor Advisory | |
First Time |
Fortra
Fortra goanywhere Managed File Transfer |
29 Apr 2025, 13:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Apr 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-28 21:15
Updated : 2025-05-10 00:55
NVD link : CVE-2025-0049
Mitre link : CVE-2025-0049
CVE.ORG link : CVE-2025-0049
JSON object : View
Products Affected
fortra
- goanywhere_managed_file_transfer
CWE
CWE-209
Generation of Error Message Containing Sensitive Information