- Description
- Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.
- Source
- security.vulnerabilities@hitachivantara.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB67F45F-D25C-4B85-8819-433D89F3EF1F",
"versionEndExcluding": "8.3.0.25",
"versionStartIncluding": "8.3.0.0"
},
{
"criteria": "cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "111F5389-BE1D-480F-8229-3EEDF8F6D82A",
"versionEndExcluding": "9.2.0.2",
"versionStartIncluding": "9.2.0.0"
}
],
"operator": "OR"
}
]
}
]