Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.
Vulnerability Description
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Hitachi Pentaho Business Analytics 路径遍历漏洞
Vulnerability Description
Hitachi Pentaho Business Analytics是日本日立制作所(Hitachi)公司的一个业务分析平台。用于安全地访问、集成、操作、可视化和分析大数据资产。 Hitachi Pentaho Business Analytics 9.2.0.2 版本之前的 9.2 版本和 8.3.0.25 版本之前的 8.3 版本存在安全漏洞,该漏洞源于某个插件公开了模板的服务端点,允许用户提供的路径访问越界资源。
CVSS Information
N/A
Vulnerability Type
N/A