CVE-2020-35736 Information

Description

GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://rmb122.com/2019/08/28/Ogeek-Easy-Realworld-Challenge-1-2-Writeup/ https://github.com/liftoff/GateOne/issues/747

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5