jvndb - jvndb-2014-000023

jvndb-2014-000023

Vulnerability from jvndb

Published

2014-02-26 15:22

Modified

2014-03-03 18:44

Severity

() - -

Summary

Cybozu Garoon vulnerable to directory traversal

Details

Cybozu Garoon contains a directory traversal vulnerability. Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files.

References

Type	URL
JVN	http://jvn.jp/en/jp/JVN26393529/
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0820
NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0820
Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Cybozu, Inc.	Cybozu Garoon

Show details on JVN DB website

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000023.html",
  "dc:date": "2014-03-03T18:44+09:00",
  "dcterms:issued": "2014-02-26T15:22+09:00",
  "dcterms:modified": "2014-03-03T18:44+09:00",
  "description": "Cybozu Garoon contains a directory traversal vulnerability.\r\n\r\nCybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000023.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "3.5",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000023",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN26393529/",
      "@id": "JVN#26393529",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0820",
      "@id": "CVE-2014-0820",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0820",
      "@id": "CVE-2014-0820",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to directory traversal"
}

cve-2014-0820

Vulnerability from cvelistv5

Published

2014-02-27 01:00

Modified

2024-08-06 09:27

Severity

Summary

Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.

References

URL	Tags
http://jvn.jp/en/jp/JVN26393529/index.html	third-party-advisory, x_refsource_JVN
http://cs.cybozu.co.jp/information/gr20140225up05.php	x_refsource_CONFIRM
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023	third-party-advisory, x_refsource_JVNDB
https://support.cybozu.com/ja-jp/article/7994	x_refsource_CONFIRM
http://www.securityfocus.com/bid/65815	vdb-entry, x_refsource_BID

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#26393529",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN26393529/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/gr20140225up05.php"
          },
          {
            "name": "JVNDB-2014-000023",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/7994"
          },
          {
            "name": "65815",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-14T16:57:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#26393529",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN26393529/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/gr20140225up05.php"
        },
        {
          "name": "JVNDB-2014-000023",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/7994"
        },
        {
          "name": "65815",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2014-0820",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#26393529",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN26393529/index.html"
            },
            {
              "name": "http://cs.cybozu.co.jp/information/gr20140225up05.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/gr20140225up05.php"
            },
            {
              "name": "JVNDB-2014-000023",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/7994",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/7994"
            },
            {
              "name": "65815",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2014-0820",
    "datePublished": "2014-02-27T01:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.