漏洞标题
"Logsign 统一安全运维平台目录遍历任意目录删除漏洞"
漏洞描述信息
Logsign 统一安全运维平台目录遍历任意目录删除漏洞。此漏洞允许远程攻击者在影响Logsign 统一安全运维平台的安装上删除任意目录。需要身份验证来利用此漏洞。
该特定漏洞存在于HTTP API服务中,通常监听TCP端口443。此问题源于在使用路径执行文件操作之前未正确验证用户提供的路径。攻击者可以利用此漏洞在root上下文中删除目录。这是ZDI-CAN-25028。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability
漏洞描述信息
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root. Was ZDI-CAN-25028.
CVSS信息
N/A
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
Logsign Unified SecOps Platform 路径遍历漏洞
漏洞描述信息
Logsign Unified SecOps Platform是Logsign公司的一个安全运营平台。用于收集、存储、分析和响应来自各种来源的安全数据。 Logsign Unified SecOps Platform存在路径遍历漏洞,该漏洞源于用户提供的路径在用于文件操作前未能进行适当的验证,可能导致远程攻击者利用此漏洞删除任意目录。
CVSS信息
N/A
漏洞类别
路径遍历