Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian
Published 2020-04-10 00:15:11
Updated 2021-09-13 14:24:19
View at NVD,   CVE.org
Vulnerability category: Execute codeInformation leak

Products affected by CVE-2019-7305

Exploit prediction scoring system (EPSS) score for CVE-2019-7305

0.44%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-7305

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST
5.8
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
3.9
1.4
Canonical Ltd.

CWE ids for CVE-2019-7305

References for CVE-2019-7305

  • https://launchpad.net/bugs/1822013
    Bug #1822013 “extplorer package exposes /usr/ (and /etc/extplore...” : Bugs : extplorer package : Ubuntu
    Issue Tracking;Third Party Advisory
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!