Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
tgstation-server 安全漏洞
Vulnerability Description
tgstation-server是一款用于管理生产BYOND服务器的工具集。 tgstation-server 4.4.0版本和4.4.1版本中存在安全漏洞。攻击者可借助带有‘../’目录遍历序列的/Administration/Logs/请求利用该漏洞下载服务器用户可访问的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A