CVE-2014-2858

medium

Description

Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types.

References

http://www.securityfocus.com/archive/1/531281/100/0/threaded

http://www.gopivotal.com/security/cve-2014-0053

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html

Details

Source: Mitre, NVD

Published: 2014-04-15

Updated: 2018-10-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium